- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 5121
- Проверка EDB
-
- Пройдено
- Автор
- MHZ91
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-0803
- Дата публикации
- 2008-02-14
Код:
--==+================================================================================+==--
--==+ LookStrike Lan Manager v0.9 Remote\Local File Inclusion +==--
--==+================================================================================+==--
Author: MhZ91
Title: LookStrike Lan Manager v0.9 Remote\Local File Inclusion
Download: http://sourceforge.net/project/showfiles.php?group_id=152660
Bug: Remote\Local File Inclusion
Info: LookStrike is a tool written in PHP that manages Lan Party to gain a lot of time about the management of your Lan. You can also gather statistics of your players. LookStrike generate graphics and matches for tournaments automatically.
Visit: http://www.inj3ct-it.org
[*]----------------------------------------------------------
LookStrike Lan Manager v0.9 present a remote\local file inclusion vulnerability in this file..
modules\class\Table.php
modules\class\db\db_admins.php
modules\class\db\db_alert.php
modules\class\db\db_double.php
modules\class\db\db_games.php
modules\class\db\db_matches.php
modules\class\db\db_match_teams.php
modules\class\db\db_news.php
modules\class\db\db_platform.php
modules\class\db\db_players.php
modules\class\db\db_server_group.php
modules\class\db\db_server_ip.php
modules\class\db\db_teams.php
modules\class\db\db_team_players.php
modules\class\db\db_tournaments.php
modules\class\db\db_tournament_teams.php
modules\class\db\db_trees.php
modules\class\tournament\Match.php
modules\class\tournament\MatchTeam.php
modules\class\tournament\Rule.php
modules\class\tournament\RuleBuilder.php
modules\class\tournament\RulePool.php
modules\class\tournament\RuleSingle.php
modules\class\tournament\RuleTree.php
modules\class\tournament\Tournament.php
modules\class\tournament\TournamentTeam.php
modules\class\tournament\Tree.php
modules\class\tournament\TreeSingle.php
all are exploitable by the variable "sys_conf[path][real]" for example
http://www.example.com/modules/class/Table.php?sys_conf[path][real]=[Evil_Code]
[*]----------------------------------------------------------
# milw0rm.com [2008-02-14]- Источник
- www.exploit-db.com
