Home » Exploits » Afian 'includer.php' Directory Traversal Vulnerability Afian 'includer.php' Directory Traversal Vulnerability Feeds - Exploits Written by contact@vnbrain.net    Monday, 02 March 2009 22:47 Afian 'includer.php' Directory Traversal Vulnerability -\\Bugtraq ID: 33943 -\\Class: Input Validation Error -\\CVE: -\\Remote: Yes -\\Local: No -\\Published: Mar 02 2009 12:00AM -\\Updated: Mar 02 2009 12:00AM -\\Credit: This e-mail address is being protected from spambots. You need JavaScript enabled to view it -\\Vulnerable: Afian Afian  0 -\\Discussion Afian is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks. -\\Exploit(s)/PoC(s): An attacker can exploit this issue with a browser. The following example URI is available: http://www.example.com/path/css/includer.php?files=PATH_TO_FILES -\\Solution Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: This e-mail address is being protected from spambots. You need JavaScript enabled to view it . -\\References(s) --Vendor Homepage http://www.afian.com  (Afian) --Afian Document Manager Local File Inclusion http://www.securityfocus.com/archive/1/50134  ( This e-mail address is being protected from spambots. You need JavaScript enabled to view it )

Security Services by HSC Contact us Become partner Advertise with us Join our staff