webgrind 1.0 (file param) Local File Inclusion Vulnerability

webgrind suffers from a file inlcusion vulnerability (LFI) when input passed thru the ‘file’ parameter to index.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks and URL encoded NULL bytes.


---------------------------
/index.php:
-----------
122: case 'fileviewer':
123: $file = get('file');
124: $line = get('line');
---------------------------

Advisory details: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5075.php

Thanks to Michael Meyer, OpenVAS Project.

Comment are closed.