facebook facebook twitter rss

plume 1.2.3 Local File Include

Author: JoKeR_StEx , Published: 07-12-2013
==================================================================
# Vulns Title : plume 1.2.3 Local File Include
# Author : JoKeR_StEx
# Downlaod Software Link : www.phpsources.org/fichier-zip-426.html
# Date : 07/12/2013
==================================================================
/*/ Vuln :
in file : manager/inc/class.config.php
In Function : loadWebsite($websiteid)
<?
111: function loadWebsite($websiteid)
112: {

113: global $_PX_website_config;

114: $success = true;

115: if (preg_match('/[^0-9a-z\-]/i', $websiteid)) $success = false;


116: $config = dirname(__FILE__).'/../conf/configweb_'.$websiteid.'.php';

117: if ($success && file_exists($config)) {

118: include $config;

119: return true;

120: } else {

121: $_PX_website_config = array();

122: return false;

123: }

124: }
<?
So, The BUg In Line (117,118) :)
= = = = = = = = = = = = = = = <3 Algeria= = = = = = = = = = = = = = = = = = = = =
Gr33t'z t0 : Team Dz S.O.S , The Black Devils , & all Dz Pentesters and Hackers
= = = = = = = = = = = = = = = = <DZ= = = = = = = = = = = = = = = = = = = = = = =

Like us on Facebook :