Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: DesktopOnNet 3 Beta LFI
From: Whitney Houston <i4m4l1v3b17ch3z () gmail com>
Date: Mon, 27 Feb 2012 14:10:59 +0000

I forget to say, I want CVE number. give it to me.

On Mon, Feb 27, 2012 at 2:10 PM, Whitney Houston
<i4m4l1v3b17ch3z () gmail com>wrote:

Hello list

I want to report serious scary issue, I find this vulnerability that make
me fall off chair and giggle like silly slut.

Project: http://sourceforge.net/projects/don3/

<?php
require('system/switches.php');

if
(file_exists('applications/'.$_GET["app"].'.don3app/'.$_GET["app"].'.php')){
        $appfile = $_GET["app"];
        $app_path = "applications/".$appfile.".don3app/";
} else {
        $appfile = "frontpage";
        $app_path = "applications/frontpage.don3app/";
}

if (file_exists("library/$appfile.don3lib")){
        $topper_array = don3_read_don3lib($appfile.".don3lib");
        $title = $topper_array[0];
} else {
        $title = "ERROR T1";
}


$topper_includer = 'applications/'.$appfile.'.don3app/'.$appfile.'.php';

....

include ($topper_includer);


Obviously I keep this bug super secret for many month but now i release
for all, after my recent death.

xx


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]