9 lines
No EOL
566 B
Text
9 lines
No EOL
566 B
Text
source: https://www.securityfocus.com/bid/29275/info
|
|
|
|
The 'bcoos' program is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
|
|
|
|
An attacker can exploit this vulnerability using directory-traversal strings to include local scripts in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.
|
|
|
|
This issue affects bcoos 1.0.13; other versions may also be affected.
|
|
|
|
http://www.example.com/bcoos/class/debug/highlight.php?file=../../../../../boot.ini |