Jax Petition Book 3.06 - 'jax_petitionbook.php?languagepack' Local File Inclusion

EDB-ID:

29468




Platform:

PHP

Date:

2007-01-15


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

source: https://www.securityfocus.com/bid/22072/info

Jax Petitionbook is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these vulnerabilities using directory-traversal strings to have local script code execute in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.

These issues affect version 1.0.3.06; other versions may also be vulnerable. 

http://www.example.com/jax_petitionbook.php?language=../../example_file.xxx%00?