securityvulns - SECURITYVULNS:DOC:17055
May 19, 2007 - 12:00 a.m.

[Full-disclosure] PsychoStats 3.0.6b and prior


newtheme variable only expects "sane" behavior, no argument or an
argument with any special character, etc… will cause it to error and
display the full path to $pathtohlstats/includes/smarty/Smarty.class.php

$pathtohlstats/server.php?newcss=styles.css&newtheme=%00

Ex: Warning: Smarty error: unable to read resource: "server.html" in
$pathtohlstats/includes/smarty/Smarty.class.php on line 1088


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
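
For defenders, an added example (not part of the original post and not PsychoStats code): a Python check that scans web access logs for requests to server.php whose newtheme value is empty or contains special characters, the two conditions the post says trigger the path-revealing Smarty warning. The "sane" character set, the combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a "sane" theme name is letters, digits, underscore or hyphen.
SANE_THEME = re.compile(r"[A-Za-z0-9_-]+")
# Request line as it appears inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_newtheme(log_line):
    """Return a reason string if the line requests server.php with an empty
    or non-sane newtheme value, otherwise None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/server.php"):
        return None
    # keep_blank_values keeps "newtheme=" (no argument) visible;
    # parse_qsl also percent-decodes, so %00 becomes a NUL character.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key != "newtheme":
            continue
        if value == "":
            return "empty newtheme"
        if not SANE_THEME.fullmatch(value):
            return "newtheme contains special characters: %r" % value
    return None

# Constructed sample lines (documentation addresses, made-up install path).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/May/2007:10:00:01 +0000] "GET /stats/server.php?newcss=styles.css&newtheme=default HTTP/1.1" 200 5120',
    '192.0.2.44 - - [19/May/2007:10:00:07 +0000] "GET /stats/server.php?newcss=styles.css&newtheme=%00 HTTP/1.1" 200 310',
    '192.0.2.44 - - [19/May/2007:10:00:09 +0000] "GET /stats/server.php?newcss=styles.css&newtheme= HTTP/1.1" 200 310',
    '192.0.2.77 - - [19/May/2007:10:01:30 +0000] "GET /stats/index.php?newtheme=%00 HTTP/1.1" 200 4096',
]

def scan(lines):
    """Return (client address, reason) for every flagged log line."""
    return [(line.split()[0], reason) for line in lines
            if (reason := suspicious_newtheme(line))]

if __name__ == "__main__":
    for client, reason in scan(SAMPLE_LOG):
        print(client, reason)
```

Hits from this check are worth correlating with responses that contain the "Smarty error:" warning text, since that is where the filesystem path is exposed.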