[Full-disclosure] PsychoStats 3.0.6b and prior
kefka
kefka at kevinbeardsucks.com
Fri May 18 08:00:13 BST 2007
newtheme variable only expects "sane" behavior, no argument or an
argument with any special character, etc. will cause it to error and
display the full path to $pathtohlstats/includes/smarty/Smarty.class.php

$pathtohlstats/server.php?newcss=styles.css&newtheme=%00

Ex: Warning: Smarty error: unable to read resource: "server.html" in
$pathtohlstats/includes/smarty/Smarty.class.php on line 1088
Full-Disclosure is hosted and sponsored by Secunia.
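
Added example, not part of the original post and not PsychoStats code: one way to keep a request parameter like newtheme from reaching the template engine unvalidated, and to keep PHP warnings (which carry the install path) out of the response. The function names, THEME_DIR, DEFAULT_THEME and the themes/ directory layout are assumptions made for illustration.

```php
<?php
// Added example: helper names and directory layout are hypothetical,
// not taken from PsychoStats.

// Assumption: each installed theme is a sub-directory of one fixed directory.
const THEME_DIR = __DIR__ . '/themes';
const DEFAULT_THEME = 'default';

/**
 * Return a theme name that is safe to hand to the template engine.
 * Anything missing, non-string, malformed or not installed falls back
 * to the default instead of producing a template-loading warning.
 */
function resolve_theme($requested, array $installed): string
{
    // Arrays (newtheme[]=x), null and empty values are rejected outright.
    if (!is_string($requested) || $requested === '') {
        return DEFAULT_THEME;
    }
    // Strict character allowlist: rejects %00, slashes, dots, quotes, etc.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $requested)) {
        return DEFAULT_THEME;
    }
    // The name must match an installed theme exactly.
    return in_array($requested, $installed, true) ? $requested : DEFAULT_THEME;
}

/** List installed theme directory names (empty if the directory is absent). */
function installed_themes(string $dir): array
{
    $names = [];
    foreach (is_dir($dir) ? scandir($dir) : [] as $entry) {
        if ($entry !== '.' && $entry !== '..' && is_dir("$dir/$entry")) {
            $names[] = $entry;
        }
    }
    return $names;
}

// Defence in depth: log warnings server-side, never render them to clients.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

$theme = resolve_theme($_GET['newtheme'] ?? null, installed_themes(THEME_DIR));
```

With the request shown in the post (newtheme=%00), resolve_theme() returns DEFAULT_THEME, so no unreadable-resource warning is raised and no path is echoed.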