This is a writeup describing a Local File Inclusion (LFI) vulnerability in Endonesia 8.4 CMS. The vulnerability arises from improper input validation in the mod.php file, allowing attackers to traverse directories and include arbitrary files such as /proc/self/environ.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:Endonesia CMS 8.4
No auth needed
Prerequisites:magic_quotes_gpc disabled on the target server