lookstrike-rfilfi.txt

lookstrike-rfilfi.txt: Posted Feb 14, 2008; Authored by MhZ91 | Site inj3ct-it.org; Lookstrike Lan Manager version 0.9 suffers from remote and local file inclusion vulnerabilities.; tags | exploit, remote, local, vulnerability, code execution, file inclusion; SHA-256 | b9889dcafa8961bc6677973f7d40b99eebb5a638bd6679aaeee47a39ce624268; Download | Favorite | View

lookstrike-rfilfi.txt

--==+================================================================================+==--
--==+    LookStrike Lan Manager v0.9 Remote\Local File Inclusion              +==--
--==+================================================================================+==--

 Author: MhZ91
 Title: LookStrike Lan Manager v0.9 Remote\Local File Inclusion 
 Download: http://sourceforge.net/project/showfiles.php?group_id=152660
 Bug: Remote\Local File Inclusion
 Info: LookStrike is a tool written in PHP that manages Lan Party to gain a lot of time about the management of your Lan. You can also gather statistics of your players. LookStrike generate graphics and matches for tournaments automatically.
 Visit: http://www.inj3ct-it.org

[*]----------------------------------------------------------

LookStrike Lan Manager v0.9 present a remote\local file inclusion vulnerability in this file.. 

modules\class\Table.php
modules\class\db\db_admins.php
modules\class\db\db_alert.php
modules\class\db\db_double.php
modules\class\db\db_games.php
modules\class\db\db_matches.php
modules\class\db\db_match_teams.php
modules\class\db\db_news.php
modules\class\db\db_platform.php
modules\class\db\db_players.php
modules\class\db\db_server_group.php
modules\class\db\db_server_ip.php
modules\class\db\db_teams.php
modules\class\db\db_team_players.php
modules\class\db\db_tournaments.php
modules\class\db\db_tournament_teams.php
modules\class\db\db_trees.php
modules\class\tournament\Match.php
modules\class\tournament\MatchTeam.php
modules\class\tournament\Rule.php
modules\class\tournament\RuleBuilder.php
modules\class\tournament\RulePool.php
modules\class\tournament\RuleSingle.php
modules\class\tournament\RuleTree.php
modules\class\tournament\Tournament.php
modules\class\tournament\TournamentTeam.php
modules\class\tournament\Tree.php
modules\class\tournament\TreeSingle.php

all are exploitable by the variable "sys_conf[path][real]" for example

http://www.example.com/modules/class/Table.php?sys_conf[path][real]=[Evil_Code]


[*]----------------------------------------------------------

Top Authors In Last 30 Days

Red Hat 294 files
Ubuntu 64 files
Debian 24 files
Apple 14 files
LiquidWorm 12 files
Gentoo 8 files
Google Security Research 4 files
Andrey Stoykov 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,171)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,070)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,426)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,010)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

lookstrike-rfilfi.txt

lookstrike-rfilfi.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

lookstrike-rfilfi.txt

Share This

lookstrike-rfilfi.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems