- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 5124
- Проверка EDB
-
- Пройдено
- Автор
- MHZ91
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-0818
- Дата публикации
- 2008-02-14
Код:
--==+================================================================================+==--
--==+ freePHPgallery 0.6 Cookie Local File Inclusion +==--
--==+================================================================================+==--
Author: MhZ91
Title: freePHPgallery 0.6 Cookie Local File Inclusion
Download: http://sourceforge.net/projects/freephpgallery/
Bug: Local File Inclusion
Info: freePHPgallery is a easy-to-use free PHP picture gallery. Automatic creation of picture indexes with thumbnails, commenting function, selection of multiple languages. This software does not NOT require a database or other additional software.
Visit: http://www.inj3ct-it.org
[*]----------------------------------------------------------
freePHPgallery 0.6 present a local file inclusion in this file
index.php
comment.php
show.php
<?php
[...]
if($_COOKIE['lang']!="")
{if(file_exists("./lang/".$_COOKIE['lang'])){include ("./lang/".$_COOKIE['lang']);};}
[...]
?>
we can modify the cookie lang value whit a ../../../../ etc... and give a local file inclusion
[*]----------------------------------------------------------
# milw0rm.com [2008-02-14]- Источник
- www.exploit-db.com
