Drupal Local File Inclusion Vulnerability

I was testing our scanner (with AcuSensor enabled) on Drupal (http://www.drupal.org) and the scanner found a possible File Inclusion vulnerability. As you can see from the screenshot above, the GET variable q was set to start/../../xxx….end and it got partially sanitized. It reached the include function as /themes/garland/page-start-..-..-xxx….end.tpl.php. All the slashes were replaced with “-“. […]

Read More →