PHPAccounts vuln.
###############################################
Vuln. discovered by : r0t
Date: 21 June 2007
vendor:http://phpaccounts.com/
orginal advisory:
http://pridels-team.blogspot.com/2007/06/phpaccounts-vuln.html
affected versions: PHPAccounts 0.5
other versions also can be affected.
###############################################
1.Local file inclussion
PHPAccounts contains a flaw that allows a Local file inclusion
attacks.Inputpassed to the "page" parameter in "
index.php" isn't properly verified, before it is used to include files. This
can be exploited to include arbitrary files from local resources.
###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################