Ravens PHP Scripts - Dayfox Blog Local File Inclusion Vulnerability

SECUNIA ADVISORY ID: SA23661

VERIFY ADVISORY: http://secunia.com/advisories/23661/

CRITICAL: Moderately critical

IMPACT: Exposure of sensitive information

SOFTWARE: Dayfox Blog - http://secunia.com/product/10067/

DESCRIPTION: ShaFuq31 has reported a vulnerability in Dayfox Blog, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "page" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks.

SOLUTION: Edit the source code to ensure that input is properly verified.

PROVIDED AND/OR DISCOVERED BY: ShaFuq31