SECUNIA ADVISORY ID: SA23661
VERIFY ADVISORY: http://secunia.com/advisories/23661/
CRITICAL: Moderately critical
IMPACT: Exposure of sensitive information
SOFTWARE: Dayfox Blog - http://secunia.com/product/10067/
DESCRIPTION: ShaFuq31 has reported a vulnerability in Dayfox Blog, which can be exploited by malicious people to disclose sensitive information. Input passed to the "page" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks.
SOLUTION: Edit the source code to ensure that input is properly verified.
PROVIDED AND/OR DISCOVERED BY: ShaFuq31
Dayfox Blog Local File Inclusion VulnerabilityPosted on Tuesday, January 09, 2007 @ 09:27:24 CST in Security |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
