info
discussion
exploit
solution
references
PsychoStats Server.PHP Path Disclosure Vulnerability
No exploit is required.
The following proof-of-concept URI was supplied:
http://www.example.com/[path]/server.php?newcss=styles.css&newtheme=%00
Privacy Statement
Copyright 2010, SecurityFocus
