Security Advisory: cwmExplorer 1.0 (show_file) Source Code Disclosure Vulnerability

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  [SA23406] Novell NetWare Welcome web-app Cross-Site Scripting Vulnerability
  [SA23388] eyeOS File Upload Vulnerability
  cwmVote 1.0 File Include Vulnerability
  PHPFanBase (protection.
php) Remote File Include Vulnerability

From: ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date: 20.12.2006
Subject: cwmExplorer 1.0 (show_file) Source Code Disclosure Vulnerability

*********************************************************************************
**********
# Title   : cwmExplorer 1.0 (show_file) Source Code Disclosure Vulnerability
# Author : ajann
# Contact : :(

*********************************************************************************
**********

[[ERROR]]]------------------------------------------------------
....
..
$datei = "dirs/".$d."/".$_GET[show_file];
....
..
[[ERROR]]]---------------------------------------------------------

Example:

//[path]/index.php?d=0&show_file=[file]

""""""""""""""
"""""""
# ajann,Turkey
# ...

# Im not Hacker!

test server