The exploit demonstrates a local file inclusion (LFI) vulnerability in sflog! 1.00 by manipulating the 'section' parameter to traverse directories and access sensitive files like '/etc/passwd'. The attack leverages insufficient input sanitization in the PHP application.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:sflog! 1.00
No auth needed
Prerequisites:Access to the vulnerable web application